>> > That's terrific that it works, but I'm not sure I understand why.
>> Does "connection-auth=off" disable pass-through of NTLM? My
>> understanding of the Activesync devices is that they require NTLM.
>> >
>>
>> Yes it disables pass-thru for NTLM.
>>
>> Which for you blocks that first NTLM challenge (direct from the OWA?),
>> and leaves the second (from your Squid auth_* setup?) to go through.
>>
>> Amos
>
> But I have all of my auth_* commented out.
>
> Before adding "connection-auth=off" to my https_port config, Firefox would
> give me two authentication prompts. First: "Enter user name and password
> for ...", which would not work. Then only after I hit CANCEL, I would get
> "A user name and password are being requested by ...", which does work.
>
> With "connection-auth=off" or with "Windows integrated authentication"
> disabled on the OWA server, Firefox would give me only the 2nd dialog, and
> it works. But Activesync devices don't work "Windows integrated" disabled.
>
> With "Basic authentication" and "Windows integrated authentication"
> enabled on the OWA server and "connection-auth=off", everything works like
> it should.
>
> It's so confusing.
Yes. Multiple authentication methods, triggered from multiple sources,
going via multiple paths can be confusing.
Squid auth_param elided, which leaves:
"A user name and password are being requested by ..."
== basic challenge by ISA.
"Enter user name and password for ..."
== integrated/NTLM challenge by ISA.
I'm now thinking we have two distinct configurations for Squid:
Basic Auth (only) passed back
cache_peer ... login=PASS connection-auth=off
NTLM Auth (only) passed back:
cache_peer ... connection-auth=on
Which appear to be non-compatible auth methods at present.
What happens if you re-enable the connection-auth on https_port and remove
the login=PASS from cache_peer?
Amos
>
> Alan
>
> --------------------------------------------------------------------------
> Please note our new email and website address!
> Alan Lehman, PE
> Associate
> mailto:alehman_at_gbateam.com
> creating remarkable solutions
> for a higher quality of life
> http://www.gbateam.com
> 9801 Renner Boulevard
> Lenexa, KS 66219-9745
> 913.577.8829 direct
> 816.210.8785 mobile
> 913.577.8264 fax
>
> CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any,
> is intended for the person or entity to which it is addressed and may
> contain confidential and/or privileged material. Any unauthorized review,
> use, disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all
> copies of the original message. Thank you
>
>
Received on Wed Jan 14 2009 - 20:41:00 MST
This archive was generated by hypermail 2.2.0 : Fri Jan 16 2009 - 12:00:03 MST