The only reason I believe it's just OOPS, and not NTLM is because Squid works with no problem. I think it may have something to do with WEBDAV. I can stop OOPS and start Squid with no change to iptables, and then it works fine.
The reason I don't just forward it through the firewall is that this is for a product I am working on for other school districts to use, and want to make sure that they do not have to add firewall rules to get thier mail working. Thanks for the suggestions though, Chad Elliott Network Manager Littleton Public Schools > > It may or may not be relevant to your problem, but it is worth > mentioning that NTLM authentication to an origin server /never/ works > through a proxy, regardless of the proxy software used--including > Microsoft's own proxy server products. NTLM is a connection-based > protocol which requires and end-to-end connection. A proxy will always > break that end-to-end connection. > > So, if your Exchange server is attempting to NTLM authenticate your > users it will always fail through any web proxy. NTLM authentication is > often called "transparent" authentication by folks who don't know what > it actually is...it means the client machine logs itself onto the server > using the same credentials the user used to login to their desktop > machine. > > The possible solutions to this problem: > > 1. Disable NTLM authentication for webmail on the Exchange server. > Users will then have to login manually. > > 2. Bypass the proxy for the webmail server requests. The /must/ be done > at the client side (if traditional proxy configuration) or at the > network layer where you are redirecting traffic (if interception > proxying). It /cannot/ be done by setting a no_cache directive or > something in your Oops proxy (I emphasize this because I get some many > questions about why "no_cache" in squid doesn't make sites that can't be > proxied work...I don't know what this option is called in Oops, but I > can assure you that there is no way for an application layer proxy to > bypass itself). > > > Hope this helps. But it might not. > > [EMAIL PROTECTED] wrote: >> I been using SQUID since 2 years on a P2 computer with 128 meg of ram >> and it >> is doing pretty well the job for my Exchange Server Interface as well as >> public Web hosting we offer. We are using squid for acceleration based >> on >> the private IP we specified in the host file of the linux box. >> >> Marc-Andre Heroux >> VAN & Internet (telecom) Specialist >> (450) 649-4556 >> (514) 957-3555 >> >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On >> Behalf >> Of [EMAIL PROTECTED] >> Sent: March 30, 2005 8:41 PM >> To: [EMAIL PROTECTED] >> Subject: Re: [OOPS] Trouble with Exchange Web Interface Through OOPS. >> >> >> To clarify my first message, It is when I try to connect to the web >> interface for Microsoft Exchange Server. >> >> Thanks, >> >> Chad. >> >> >>> >>>I am transparently proxying through OOPS and everything works great >>> except >>>trying to connect to an exchange web interface. I get prompted for a >>>password, but then I just get "The page cannot be displayed" >>> >>>When I use Squid it works fine, however Squid is much more CPU intensive >>>and I don't like it. >>> >>>Here is a log of the OOPS activity during the connect attempt >>> >>> >>> >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]check_headers(): ---> `Host: >>>xxxxxxx.xxx.edu' >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]check_headers(): ---> `Connection: >>>Close' >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]check_headers(): ---> >>>`X-Forwarded-For: 10.0.39.234' >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]reload_map_file(): Can't stat : No >>>such file or directory >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]accel/redir(): called. >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]accel/0 returned 0 >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]transparent/redir() called. >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]transparent/redir(): my. >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]transparent/0 returned 0 >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]deny_http_access(): Connect from >>>127.0.0.1 - group [world] allowed. >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]locate_url_on_disk(): >>>xxxxxxx.xxx.edu/:80 not found. >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]locate_in_mem(): Not found. >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]run_client(): read >>><http><xxxxxx.xxx.edu><80></userdefined> from the net. >>>Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]lookup_dns_cache(): It's here >>>Wed Mar 30 19:46:59 2005 [0xb66febb0]garbage_collector(): 3 dns hash >>>entries. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `HTTP/1.1 >>> 401 >>>Unauthorized'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): Status code: 401 >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> >>>`Content-Length: 1656'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> >>>`Content-Type: text/html'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Server: >>>Microsoft-IIS/6.0'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> >>>`WWW-Authenticate: Negotiate'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> >>>`WWW-Authenticate: NTLM'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> >>>`X-Powered-By: ASP.NET'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Date: Thu, >>>31 Mar 2005 00:48:04 GMT'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> >>> `Connection: >>>close'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Downgrade flags: 0 >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready >>> header >>>`HTTP/1.1' -> `401 Unauthorized'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready >>> header >>>`Content-Length:' -> `1656'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready >>> header >>>`Content-Type:' -> `text/html'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready >>> header >>>`Server:' -> `Microsoft-IIS/6.0'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready >>> header >>>`WWW-Authenticate:' -> `Negotiate'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready >>> header >>>`WWW-Authenticate:' -> `NTLM'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready >>> header >>>`X-Powered-By:' -> `ASP.NET'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready >>> header >>>`Date:' -> `Thu, 31 Mar 2005 00:48:04 GMT'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready >>> header >>>`Connection:' -> `close'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Loaded >>> successfully: >>>received: 1891 >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]lookup_dns_cache(): It's here >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Accept: >>>image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, >>>application/x-shockwave-flash, application/vnd.ms-excel, >>>application/vnd.ms-powerpoint, application/msword, */*' >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> >>>`Accept-Language: en-us' >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> >>>`Accept-Encoding: identity,gzip,deflate' >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `User-Agent: >>>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR >>>1.1.4322)' >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Host: >>>xxxxxxx.xxx.edu' >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Connection: >>>Close' >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> >>>`Authorization: Negotiate >>>TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> >>>`X-Forwarded-For: 10.0.39.234' >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]accel/redir(): called. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]accel/0 returned 0 >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]transparent/redir() called. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]transparent/redir(): my. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]transparent/0 returned 0 >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]deny_http_access(): Connect from >>>127.0.0.1 - group [world] allowed. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]lookup_dns_cache(): It's here >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `HTTP/1.1 >>> 401 >>>Unauthorized'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): Status code: 401 >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> >>>`Content-Length: 1539'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> >>>`Content-Type: text/html'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Server: >>>Microsoft-IIS/6.0'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> >>>`WWW-Authenticate: Negotiate >>> >> >> TlRMTVNTUAACAAAADgAOADgAAAAFgomiuolIuC61jZMAAAAAAAAAALIAsgBGAAAABQLODgAAAA9N >> AEUAQwBDAE8AUgBQAAIADgBNAEUAQwBDAE8AUgBQAAEAGABFAFgAQwBIAEEATgBHAEUAMgAwADAA >> MwAEAB4AbQBlAGMAYwBvAHIAcAAuAG0AZQBjAC4AZQBkAHUAAwWed >> >>>Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `X-Powered-By: >>>ASP.NET'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Date: Thu, >>>31 Mar 2005 00:48:04 GMT'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> >>> `Connection: >>>close'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready >>>header `HTTP/1.1' -> `401 Unauthorized'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready >>>header `Content-Length:' -> `1539'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready >>>header `Content-Type:' -> `text/html'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready >>>header `Server:' -> `Microsoft-IIS/6.0'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready >>>header `WWW-Authenticate:' -> `Negotiate >>> >> >> TlRMTVNTUAACAAAADgAOADgAAAAFgomiuolIuC61jZMAAAAAAAAAALIAsgBGAAAABQLODgAAAA9N >> AEUAQwBDAE8AUgBQAAIADgBNAEUAQwBDAE8AUgBQAAEAGABFAFgAQwBIAEEATgBHAEUAMgAwADAA >> MwAEAB4AbQBlAGMAYwBvAHIAcAAuWed >> >>>Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready >>> header >>>`X-Powered-By:' -> `ASP.NET'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready >>>header `Date:' -> `Thu, 31 Mar 2005 00:48:04 GMT'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready >>>header `Connection:' -> `close'. >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]lookup_dns_cache(): It's here >>>Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): not_cached >>> done. > ===================================================================== > If you would like to unsubscribe from this list send message to > [EMAIL PROTECTED] with "unsubscribe oops-eng" in message body. > Archive is accessible on http://lists.paco.net/oops-eng/ > ===================================================================== If you would like to unsubscribe from this list send message to [EMAIL PROTECTED] with "unsubscribe oops-eng" in message body. Archive is accessible on http://lists.paco.net/oops-eng/
