Thx for your reply Amos,
So the issue is squid doesn't pass through the type-1 message ...
I've checked the HTTP version, checked this on the IIS6 logs; it's 1v1 and the same with
squid.
For keepalive, I've used the only squid parameters I know (you gave me them
later):
client_persistent_connections
and
server_persistent_connections
I think the link SQUID -> IIS6 RPC PROXY is represented by the cache_peer
line in my squid.conf, and I don't know if the client_persistent_connections and
server_persistent_connections parameters affect cache_peer too?
Dunno what to do now ...
Regards
Clem
-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Friday, 2 March 2012 17:46
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] https analyze, squid rpc proxy to rpc proxy ii6 exchange2007 with ntlm
[please remember to start your own new thread with new topics.
I only spotted this because I was answering David]
On 3/03/2012 2:33 a.m., Clem wrote:
> If I go to https://www.owasp.org/index.php/Authentication_In_IIS or
> http://www.innovation.ch/personal/ronald/ntlm.html
>
> NTLM Handshake
>
> When a client needs to authenticate itself to a proxy or server using the
> NTLM scheme then the following 4-way handshake takes place (only parts of
> the request and status line and the relevant headers are shown here; "C" is
> the client, "S" the server):
>
> 1: C --> S GET ...
>
> 2: C<-- S 401 Unauthorized
> WWW-Authenticate: NTLM
>
> 3: C --> S GET ...
> Authorization: NTLM<base64-encoded type-1-message>
>
> 4: C<-- S 401 Unauthorized
> WWW-Authenticate: NTLM<base64-encoded type-2-message>
>
> 5: C --> S GET ...
> Authorization: NTLM<base64-encoded type-3-message>
>
> 6: C<-- S 200 Ok
>
>
> I can see there are 3 auth/authorization before the 200 OK, squid seems to
> send only 1 and stop
You have described well what the proper NTLM handshake sequence is.
You need to look at the Connection: keep-alive/close values and HTTP
version numbers coming into Squid from the client, then going from Squid
to the server, and the response flow as well coming back from server to
Squid then Squid to client.
> -----Original Message-----
> From: Clem
>
> Hello,
>
> What I can see :
>
> ........ USER with outlook PROXY RPC enabled with NTLM auth -> PROXY RPC
> IIS6/Exchange 2007
>
> Outlook sends credentials, the proxy handles them and open exchange mailbox.
>
> ........ USER with outlook PROXY RPC enabled with NTLM auth -> SQUID PROXY
> -> PROXY RPC IIS6/Exchange 2007
>
> The user sends credentials via squid, squid can't forward them exactly to
> the Exchange/IIS6 RPC Proxy and the proxy denies
>
>
> In the https analyzer I can see the NTLM request header is very short when
> we use squid and when we don't use it this header is very long ...
>
> Like this
>
> NTLM
This is a NTLM type-3 message.
Step (5) in the sequence up top.
>
> For direct connection
>
> And with squid:
>
> NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
This is a NTLM type-1 message.
Step (3) in the sequence up top.
You can paste the NTLM header blob into this tool to see the packet
structure inside it.
http://tomeko.net/online_tools/base64.php
NTLM packets start with "NTLMSSP" 0x00 <type> 0x00 0x00 0x00 ...
Amos
Received on Wed Mar 07 2012 - 10:27:47 MST
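
An added example, not part of the original thread: the header check Amos describes ("NTLMSSP" 0x00, then the type), done offline in Python instead of with an online decoder. Only the first 16 base64 characters are decoded, so a blob truncated by an analyzer still classifies. The function names are hypothetical, the type-1 value is the one Clem captured via squid, and the type-3 value is constructed for illustration.

```python
import base64
import binascii
import struct

SIGNATURE = b"NTLMSSP\x00"  # 8-byte signature, followed by a little-endian uint32 type


def ntlm_message_type(header_value):
    """Classify an Authorization / WWW-Authenticate header value.

    Returns 1, 2 or 3 for an NTLM message, 0 for a bare "NTLM" offer
    (step 2 of the handshake) and None for any other scheme.
    """
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        return None
    blob = blob.strip()
    if not blob:
        return 0
    try:
        # 16 base64 characters decode to the 12-byte signature + type field.
        head = base64.b64decode(blob[:16], validate=True)
    except binascii.Error as exc:
        raise ValueError("NTLM blob is not valid base64") from exc
    if len(head) < 12 or not head.startswith(SIGNATURE):
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", head, 8)
    return msg_type


def last_stage(header_values):
    """Highest handshake stage seen among the header values captured on one hop."""
    return max(((ntlm_message_type(h) or 0) for h in header_values), default=0)


# Value from the thread (captured with squid in the path).
TYPE1_FROM_THREAD = "NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw=="
# Constructed sample: NTLMSSP header with type 3 and a zero-filled body.
TYPE3_CONSTRUCTED = "NTLM " + base64.b64encode(
    SIGNATURE + struct.pack("<I", 3) + bytes(52)).decode()

VIA_SQUID = [TYPE1_FROM_THREAD]
DIRECT = [TYPE1_FROM_THREAD, TYPE3_CONSTRUCTED]

if __name__ == "__main__":
    print("via squid, last stage seen:", last_stage(VIA_SQUID))
    print("direct, last stage seen:   ", last_stage(DIRECT))
```

Running the same check on captures from each hop (client to Squid, Squid to IIS) shows at which hop the handshake stops advancing.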