Re: NTLM, mod_JK and Internet Explorer
Hi Lucas, I think I remember, that NTLM needs HTTP Keepalive. Now this is default per httpd, but one can disable it, so make sure KeepAlive is active in your httpd configuration. Regards, Rainer Lucas Blancher schrieb: Hello, I have a setup that is using Apache 2.2.x, mod_jk 1.2.26, jboss 4.2 (tomcat 5.5) and alfresco. This setup works file when browsing with Firefox, but when someone tries to log in using Internet Explorer they get a message saying This page can not be displayed after entering their username and password. When I use the native http handler in tomcat, Internet Explorer works correctly and the pages are displayed after the NTLM username and password prompt. The difference I see when checking the logs is that when IE and mod_jk are used a 401 http code gets retuned. A 401 http return code does not show in the logs when Firefox is used. Has anyone has this problem before? Any Idea's? If you need more information please let me know. Thanks, Lucas Blancher - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: NTLM, mod_JK and Internet Explorer
good call do you have any RewriteRules in your httpd.conf? - Original Message - From: Rainer Jung [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, December 28, 2007 5:01 AM Subject: Re: NTLM, mod_JK and Internet Explorer Hi Lucas, I think I remember, that NTLM needs HTTP Keepalive. Now this is default per httpd, but one can disable it, so make sure KeepAlive is active in your httpd configuration. Regards, Rainer Lucas Blancher schrieb: Hello, I have a setup that is using Apache 2.2.x, mod_jk 1.2.26, jboss 4.2 (tomcat 5.5) and alfresco. This setup works file when browsing with Firefox, but when someone tries to log in using Internet Explorer they get a message saying This page can not be displayed after entering their username and password. When I use the native http handler in tomcat, Internet Explorer works correctly and the pages are displayed after the NTLM username and password prompt. The difference I see when checking the logs is that when IE and mod_jk are used a 401 http code gets retuned. A 401 http return code does not show in the logs when Firefox is used. Has anyone has this problem before? Any Idea's? If you need more information please let me know. Thanks, Lucas Blancher - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: NTLM, mod_JK and Internet Explorer
I found my problem, it was the KeepAlive setting, it was set to 'Off' I Changed it to 'On' and it started working over http. I then switched to ssl and had the same problem, after looking in the ssl.conf file I found a line 'SetEnvIf User-Agent .*MSIE.* nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0'. I commented it out, and it started to work correctly. Thank you very much! Lucas -Original Message- From: Rainer Jung [mailto:[EMAIL PROTECTED] Sent: December 28, 2007 05:01 To: Tomcat Users List Subject: Re: NTLM, mod_JK and Internet Explorer Hi Lucas, I think I remember, that NTLM needs HTTP Keepalive. Now this is default per httpd, but one can disable it, so make sure KeepAlive is active in your httpd configuration. Regards, Rainer Lucas Blancher schrieb: Hello, I have a setup that is using Apache 2.2.x, mod_jk 1.2.26, jboss 4.2 (tomcat 5.5) and alfresco. This setup works file when browsing with Firefox, but when someone tries to log in using Internet Explorer they get a message saying This page can not be displayed after entering their username and password. When I use the native http handler in tomcat, Internet Explorer works correctly and the pages are displayed after the NTLM username and password prompt. The difference I see when checking the logs is that when IE and mod_jk are used a 401 http code gets retuned. A 401 http return code does not show in the logs when Firefox is used. Has anyone has this problem before? Any Idea's? If you need more information please let me know. Thanks, Lucas Blancher - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: NTLM, mod_JK and Internet Explorer
Hello, Thank you for your response, but I don't think this is applicable, I am not using IIS for the front end, I am using Apache so I don't think I have the sub codes that you are referring to. Even in IE I get an initial prompt for a username and password(witch I enter and press ok), but then I get the 401 Error. I know it's a 401 error from reviewing the mod_jk and access_log logs. Lucas -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: December 27, 2007 16:25 To: [EMAIL PROTECTED] Subject: Re: NTLM, mod_JK and Internet Explorer 401 is unauthorised but the real reason is the subcode explained here http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/c 9511f97-d898-4aed-b0a8-979ce30d85b5.mspx?mfr=true In any case the webserver should present a login credential screen it is this screen that contains the credentials to pass thru to NTLM authenticator It seems that you do not see that screen so I would inform the web-admin M-- - Original Message - Wrom: VWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPT To: users@tomcat.apache.org Sent: Thursday, December 27, 2007 3:06 PM Subject: NTLM, mod_JK and Internet Explorer Hello, I have a setup that is using Apache 2.2.x, mod_jk 1.2.26, jboss 4.2 (tomcat 5.5) and alfresco. This setup works file when browsing with Firefox, but when someone tries to log in using Internet Explorer they get a message saying This page can not be displayed after entering their username and password. When I use the native http handler in tomcat, Internet Explorer works correctly and the pages are displayed after the NTLM username and password prompt. The difference I see when checking the logs is that when IE and mod_jk are used a 401 http code gets retuned. A 401 http return code does not show in the logs when Firefox is used. Has anyone has this problem before? Any Idea's? If you need more information please let me know. Thanks, Lucas Blancher - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: NTLM, mod_JK and Internet Explorer
let me be more direct what is the subcode? M- - Original Message - From: Lucas Blancher [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: users@tomcat.apache.org Sent: Thursday, December 27, 2007 4:44 PM Subject: RE: NTLM, mod_JK and Internet Explorer Hello, Thank you for your response, but I don't think this is applicable, I am not using IIS for the front end, I am using Apache so I don't think I have the sub codes that you are referring to. Even in IE I get an initial prompt for a username and password(witch I enter and press ok), but then I get the 401 Error. I know it's a 401 error from reviewing the mod_jk and access_log logs. Lucas -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: December 27, 2007 16:25 To: [EMAIL PROTECTED] Subject: Re: NTLM, mod_JK and Internet Explorer 401 is unauthorised but the real reason is the subcode explained here http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/c 9511f97-d898-4aed-b0a8-979ce30d85b5.mspx?mfr=true In any case the webserver should present a login credential screen it is this screen that contains the credentials to pass thru to NTLM authenticator It seems that you do not see that screen so I would inform the web-admin M-- - Original Message - Wrom: VWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPT To: users@tomcat.apache.org Sent: Thursday, December 27, 2007 3:06 PM Subject: NTLM, mod_JK and Internet Explorer Hello, I have a setup that is using Apache 2.2.x, mod_jk 1.2.26, jboss 4.2 (tomcat 5.5) and alfresco. This setup works file when browsing with Firefox, but when someone tries to log in using Internet Explorer they get a message saying This page can not be displayed after entering their username and password. When I use the native http handler in tomcat, Internet Explorer works correctly and the pages are displayed after the NTLM username and password prompt. The difference I see when checking the logs is that when IE and mod_jk are used a 401 http code gets retuned. A 401 http return code does not show in the logs when Firefox is used. Has anyone has this problem before? Any Idea's? If you need more information please let me know. Thanks, Lucas Blancher - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: NTLM, mod_JK and Internet Explorer
Lucas Blancher wrote: How do I find the sub code in Apache httpd? I am using the common logging format and it already has %s in the logging string, but my logs only have 401 in them, without any subcodes. An example is Personally, I'd ignore the sub code question and look what is going back and forth between the client and httpd. I'd use ieHttpHeaders in IE and Live Http Headers in Firefox and do a compare and contrast between the working configuration and the broken one. I'd expect to see a number of differences some of which will be irrelevant but at least one will be key. The trick is to figure out which is significant. Post the results here if you need help. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: NTLM, mod_JK and Internet Explorer
How do I find the sub code in Apache httpd? I am using the common logging format and it already has %s in the logging string, but my logs only have 401 in them, without any subcodes. An example is 10.11.12.13 - - [27/Dec/2007:14:18:07 -0500] GET /alfresco/faces/jsp/dashboards/container.jsp HTTP/1.1 401 - - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Thanks, Lucas -Original Message- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: December 27, 2007 16:46 To: Lucas Blancher Cc: users@tomcat.apache.org Subject: Re: NTLM, mod_JK and Internet Explorer let me be more direct what is the subcode? M- - Original Message - From: Lucas Blancher [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: users@tomcat.apache.org Sent: Thursday, December 27, 2007 4:44 PM Subject: RE: NTLM, mod_JK and Internet Explorer Hello, Thank you for your response, but I don't think this is applicable, I am not using IIS for the front end, I am using Apache so I don't think I have the sub codes that you are referring to. Even in IE I get an initial prompt for a username and password(witch I enter and press ok), but then I get the 401 Error. I know it's a 401 error from reviewing the mod_jk and access_log logs. Lucas -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: December 27, 2007 16:25 To: [EMAIL PROTECTED] Subject: Re: NTLM, mod_JK and Internet Explorer 401 is unauthorised but the real reason is the subcode explained here http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/c 9511f97-d898-4aed-b0a8-979ce30d85b5.mspx?mfr=true In any case the webserver should present a login credential screen it is this screen that contains the credentials to pass thru to NTLM authenticator It seems that you do not see that screen so I would inform the web-admin M-- - Original Message - Wrom: VWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPT To: users@tomcat.apache.org Sent: Thursday, December 27, 2007 3:06 PM Subject: NTLM, mod_JK and Internet Explorer Hello, I have a setup that is using Apache 2.2.x, mod_jk 1.2.26, jboss 4.2 (tomcat 5.5) and alfresco. This setup works file when browsing with Firefox, but when someone tries to log in using Internet Explorer they get a message saying This page can not be displayed after entering their username and password. When I use the native http handler in tomcat, Internet Explorer works correctly and the pages are displayed after the NTLM username and password prompt. The difference I see when checking the logs is that when IE and mod_jk are used a 401 http code gets retuned. A 401 http return code does not show in the logs when Firefox is used. Has anyone has this problem before? Any Idea's? If you need more information please let me know. Thanks, Lucas Blancher - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: NTLM, mod_JK and Internet Explorer
at last count there are (at least) 7 possible reasons for a 401 since the authentication is tied to NTLM would suggest its a problem with the acls in addition to the suggested tools:get firebug in firefox to see the gets/posts as well as stepping thru any JShttp://www.joehewitt.com/blog/firebug_for_iph.phpI would also look at getting fiddler for traffic analysis (there are many others out there) http://www.fiddlertool.com/fiddler/ of course posting the code would tell you in less than 1 minute what authentication the servlet is implementing..and why the user your client is using is failing under all versions of IE and not under firefox... Martin __Disclaimer and confidentiality noteEverything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. Date: Thu, 27 Dec 2007 23:14:12 + Wrom: FAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDD significant. Post the results here if you need help. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Get the power of Windows + Web with the new Windows Live. http://www.windowslive.com?ocid=TXT_TAGHM_Wave2_powerofwindows_122007
