Sander, I successfully use mode http-keep-alive in my lab for outlook clients getting connected to an exchange 2010 cluster with RPC over HTTP and NTLM auth.
So please share here your configuration, so we can have a look at it. Baptiste On Thu, Jan 2, 2014 at 9:16 PM, Sander Klein <roe...@roedie.nl> wrote: > On 31.12.2013 00:50, Lukas Tribus wrote: >> >> Hi, >>> >>> Subject: http-keep-alive broken? >>> >>> Hi, >>> >>> I'm using haproxy ss-20131229 to reverse proxy some windows iis server >>> with ntlm-auth enabled (one of them being exchange 2012). >>> >>> While I understood that using 'option http-keep-alive' would make >>> ntlm-auth work, it doesn't work for me. Are there still some issue with >>> http-keep-alive and ntlm-auth? >> >> >> Honestly I would just use the default tunnel mode for this, so I don't >> have to think about the NTLM crap when choosing keep-alive/load-balancing >> parameters. >> >> If you would like to combine NTLM-auth plus keep-alive, I'd propose >> enabling: >> option prefer-last-server >> >> >> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-option%20prefer-last-server > > > Wile I do agree that using tcp-mode would make stuff easier, I also need to > do some redirecting on the host-header. Which is AFAIK not possible while in > tcp-mode. (I might be wrong) > > I tried moving 'option http-keep-alive' to the frontend section but that > didn't help. I also used 'option prefer-last-server' but that didn't help as > well and I think it wouldn't make any difference since it only redirects to > one server. > > The docs say that http-keep-alive should be useful if (quote): > > - when the server is non-HTTP compliant and authenticates the connection > instead of requests (eg: NTLM authentication) > > http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#option%20http-keep-alive > > But as far as I have tested it only breaks NTML auth badly. So, either I'm > doing something wrong, or haproxy is doing something wrong, or the docs are > wrong about the NTLM part :-) > > Greets, > > Sander >
