I made a mistake yesterday: in fact, for Windows 7 (SP1) that works only with 
login=PASS in cache_peer ... and unfortunately, this doesn't work for XP 
clients now ...

I've noticed that when I delete the "originserver" option from the cache_peer line 
(only with James's "tweak"), I can connect with login:user:password and login=PASS on 
Windows 7, but not on XP, where I get a 401 error.

I can't make this work for both XP and W7; still searching for a solution ...




-----Original Message-----
From: Clem [mailto:clemf...@free.fr]
Sent: Tuesday, 12 June 2012 15:51
To: squid-users@squid-cache.org
Subject: RE: [squid-users] https analyze, squid rpc proxy to rpc proxy ii6 exchange2007 with ntlm

Hello,

With the help of James, I'm now able to connect with my W7 clients to my 
Exchange 2007 IIS6 RPC proxy through squid, with the same squid config as before 
(3.2.x), but now on version 3.1.20 with the "tweak patch" from James Harper.

OWA, RPC PROXY (outlook anywhere) + Activesync are OK.

Before compiling squid, go to "src" directory, edit client_side_reply.cc, go to
--------------------->
 void
 clientReplyContext::cloneReply()
 {
     assert(reply == NULL);
 
     HttpReply *rep = http->storeEntry()->getReply()->clone();
 
     reply = HTTPMSGLOCK(rep);
 
     if (reply->sline.protocol == PROTO_HTTP) {
         /* enforce 1.0 reply version (but only on real HTTP traffic) */
     }
 
     /* do header conversions */
     buildReplyHeader();
 }
<-----------------------

and remove or comment out
----------------->
if (reply->sline.protocol == PROTO_HTTP) {
    /* enforce 1.0 reply version (but only on real HTTP traffic) */
}
<-----------------

Then I compiled squid with --enable-ssl, used my squid.conf that worked for 
XP only, and tested on my W7 clients, and YES, that works for them too!

Windows XP SP3 + Outlook 2007 -> works with login=DOMAIN\Adminuser:password in 
cache_peer but not with login=PASS
Windows 7 SP2 + Outlook 2010 -> works with login=DOMAIN\Adminuser:password in 
cache_peer AND with login=PASS

Dunno why in XP I can't use login=PASS; in my IIS6 logs I can see the user's Windows 
credentials are properly sent, but I think something wrong happens with 
the reply that doesn't happen with Windows 7.

Anyway that works, and I'll be able to test my squid frontend (+postfix to 
forward mails), and then in July on my new Exchange 2007 server with IIS7 (I'll 
tell you if that works too) !

Regards,

Clem


-----Original Message-----
From: Clem [mailto:clemf...@free.fr]
Sent: Monday, 14 May 2012 13:33
To: 'Amos Jeffries'; squid-users@squid-cache.org
Subject: RE: [squid-users] https analyze, squid rpc proxy to rpc proxy ii6 exchange2007 with ntlm

In the log, exactly the same sequence: on W7 it hangs, on XP it continues:

....:::::::::::::::::: Win7

2012/05/14 10:14:15.090| ctx: enter level  0: 
'https://mail.x.fr/rpc/rpcproxy.dll?fqdn_exchange_server:6002'
2012/05/14 10:14:15.090| HTTP Server local=ip_squid:49014 
remote=ip_exchange_server:443 FD 12 flags=1
2012/05/14 10:14:15.090| HTTP Server REPLY:
---------
HTTP/1.1 200 OK
Date: Mon, 14 May 2012 10:15:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: application/rpc
Content-Length:20
Connection: Keep-Alive


----------
2012/05/14 10:14:15.091| ctx: exit level  0
2012/05/14 10:14:15.091| The reply for RPC_OUT_DATA 
https://mail.x.fr/rpc/rpcproxy.dll?fqdn_exchange_server:6002 is 1, because it 
matched 'all'
2012/05/14 10:14:15.091| HTTP Client local=ip_squid:443 
remote=ip_wan_client:51556 FD 11 flags=1
2012/05/14 10:14:15.091| HTTP Client REPLY:
---------
HTTP/1.1 200 OK
Date: Mon, 14 May 2012 10:15:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: application/rpc
Content-Length: 20
X-Cache: MISS from mail.x.fr
Via: 1.1 mail.x.fr (squid/3.2.0.17-20120415-r11555)
Connection: keep-alive


----------
2012/05/14 10:14:15.092| FilledChecklist.cc(100) ~ACLFilledChecklist: 
ACLFilledChecklist destroyed 0x8dff1c8
2012/05/14 10:14:15.092| ACLChecklist::~ACLChecklist: destroyed 0x8dff1c8

And it hangs there ...

....:::::::::::::::::: Win7


....:::::::::::::::::: WinXP

2012/05/11 13:22:33.452| ctx: enter level  0: 
'https://mail.x.fr/rpc/rpcproxy.dll?fqdn_exchange_server:6002'
2012/05/11 13:22:33.452| HTTP Server local=ip_squid:46111 
remote=ip_exchange_server:443 FD 12 flags=1
2012/05/11 13:22:33.452| HTTP Server REPLY:
---------
HTTP/1.1 200 OK
Date: Fri, 11 May 2012 13:23:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: application/rpc
Content-Length:20
Connection: Keep-Alive


----------
2012/05/11 13:22:33.452| ctx: exit level  0
2012/05/11 13:22:33.452| The reply for RPC_OUT_DATA 
https://mail.x.fr/rpc/rpcproxy.dll?fqdn_exchange_server:6002 is 1, because it 
matched 'all'
2012/05/11 13:22:33.452| HTTP Client local=ip_squid:443 
remote=ip_wan_client:1162 FD 11 flags=1
2012/05/11 13:22:33.452| HTTP Client REPLY:
---------
HTTP/1.1 200 OK
Date: Fri, 11 May 2012 13:23:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: application/rpc
Content-Length: 20
X-Cache: MISS from mail.x.fr
Via: 1.1 mail.x.fr (squid/3.2.0.17-20120415-r11555)
Connection: keep-alive


----------
2012/05/11 13:22:33.454| FilledChecklist.cc(100) ~ACLFilledChecklist: 
ACLFilledChecklist destroyed 0x8dccea8
2012/05/11 13:22:33.454| ACLChecklist::~ACLChecklist: destroyed 0x8dccea8
2012/05/11 13:22:33.512| HTTP Client local= ip_squid:443 
remote=ip_wan_client:1160 FD 8 flags=1
2012/05/11 13:22:33.512| HTTP Client REQUEST:
---------
RPC_IN_DATA /rpc/rpcproxy.dll? fqdn_exchange_server:6002 HTTP/1.1
Accept: application/rpc
User-Agent: MSRPC
Host: mail.x.fr
Content-Length: 1073741824
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

................ and that continues ...

....:::::::::::::::::: WinXP


And no more info on why it's hanging.



Clem
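
Added example, not part of the original thread: a small parser for HTTP message dumps in the cache.log layout quoted above, reporting whether the client sends RPC_IN_DATA after the 200 application/rpc reply is relayed to it (the XP trace) or the trace stops there (the Win7 trace). The function names and the trimmed traces are constructed for illustration.

```python
import re
# Constructed trace in the shape of the cache.log excerpts in this thread.
XP_TRACE = """\
2012/05/11 13:22:33.452| HTTP Server REPLY:
---------
HTTP/1.1 200 OK
Content-Type: application/rpc
Content-Length:20
----------
2012/05/11 13:22:33.452| HTTP Client REPLY:
---------
HTTP/1.1 200 OK
Content-Type: application/rpc
Via: 1.1 mail.x.fr (squid/3.2.0.17-20120415-r11555)
----------
2012/05/11 13:22:33.512| HTTP Client REQUEST:
---------
RPC_IN_DATA /rpc/rpcproxy.dll?fqdn_exchange_server:6002 HTTP/1.1
Content-Length: 1073741824
"""
# Win7 pattern from the thread: the trace stops after the reply to the client.
W7_TRACE = XP_TRACE[:XP_TRACE.index("2012/05/11 13:22:33.512|")]
MARK = re.compile(r"^\S+ \S+\| HTTP (Server|Client) (REPLY|REQUEST):\s*$")

def parse_messages(text):
    """Return [side, kind, start_line, headers] for each dumped HTTP message."""
    msgs, cur, inside = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        m = MARK.match(line)
        if m:
            cur, inside = [m.group(1), m.group(2), None, {}], False
            msgs.append(cur)
        elif cur is not None and re.fullmatch(r"-{9,}", line):
            inside = not inside            # dash rule opens, then closes, a dump
            cur = cur if inside else None
        elif cur is not None and inside and line:
            if cur[2] is None:
                cur[2] = line              # request line or status line
            else:
                name, _, value = line.partition(":")
                cur[3][name.strip().lower()] = value.strip()
    return msgs

def in_data_follows(msgs):
    """True/False: does RPC_IN_DATA follow the relayed RPC reply? None if no such reply."""
    for i, (side, kind, start, hdrs) in enumerate(msgs):
        if (side, kind) == ("Client", "REPLY") and hdrs.get("content-type") == "application/rpc":
            return any(k == "REQUEST" and (st or "").startswith("RPC_IN_DATA") for _, k, st, _ in msgs[i + 1:])
    return None
```
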


-----Original Message-----
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: Monday, 14 May 2012 12:17
To: squid-users@squid-cache.org
Subject: Re: [squid-users] https analyze, squid rpc proxy to rpc proxy ii6 exchange2007 with ntlm

On 14/05/2012 7:42 p.m., Clem wrote:
> Hi Amos,
>
> Thx for your answer.
>
> I'm still searching why my solution works with XP and only when I change 2 
> settings (lanmanager level, and disable msstd) on Windows7.
> So I use a cache.log with debug options to analyze more precisely, to see the 
> difference between these two OS.
>
> When that doesn’t work on Windows 7, the request is "stuck" on RPC_OUT_DATA 
> with a 200 success HTTP, sort of a timeout, and no info. I've sniffed all I 
> can, and nothing ...
>
> The only thing I can see in logs is the cookie header and the pragma 
> "sessionid" on windows7. In XP there is no cookie header and pragma is 
> "no-cache" only, no other values.

Hmm. Hanging usually means something somewhere is waiting expecting data 
somewhere.

Could be an HTTP object sent with wrong body size. Or another side channel 
somewhere expected to be working but not operating. Things like unexpected side 
channels seem to happen a lot with MS software IME.

>> Also, request_header_replace requires a previous "request_header_access deny 
>> ..." giving permission to remove existing header details before it can 
>> replace the content.
> Thx for this info, I'll test it today.
> If I write :
> request_header_access Cookie deny all
> request_header_replace Cookie none
>
> Does this disable cookie header ?

It erases all existing Cookie values and creates the header "Cookie: none".

Amos
