SZ,

Yes, I read your post, however I have no clue what's wrong, otherwise I would have answered. That's no reason for spamming me! There are many possible reasons why authorization can fail, the NTLM handshake you posted seems ok. Why do you think I should know? Tell us more about the environment and your implementation details, maybe the user simply is not found (local account on the IIS box)?

--
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html

Fastream Technologies wrote:
> Hello,
>
> Some customers complain that when auth. is disabled on proxy and it is
> tunneled to web server with the client opting for NTLM auth., it does not
> work. It continuously displays 401 screen of the web server with realm="" on
> FF latest. If you enter correct or wrong credential, it repops the same. If
> you click on cancel, it displays a working dialog box for once with
> successful login to OWA (which btw has SSL disabled). But the css and the
> right frame shows 404. Here is the working direct access to same NTLM
> session with FF2 latest. (BTW, it's the same with IE):
>
> GET /exchange/ HTTP/1.1
> Host: owa.bse-electronic.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
>
> HTTP/1.x 401 Accès refusé
> Server: Microsoft-IIS/5.0
> Date: Thu, 13 Mar 2008 15:24:11 GMT
> WWW-Authenticate: Negotiate
> WWW-Authenticate: NTLM
> WWW-Authenticate: Basic realm="owa.bse-electronic.com"
> Connection: close
> Content-Length: 21
> Content-Type: text/html
> ----------------------------------------------------------
> http://owa.bse-electronic.com/exchange/
>
> GET /exchange/ HTTP/1.1
> Host: owa.bse-electronic.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
>
> HTTP/1.x 401 Accès refusé
> Server: Microsoft-IIS/5.0
> Date: Thu, 13 Mar 2008 15:24:11 GMT
> WWW-Authenticate: NTLM TlRMTVNTUAACAAAAEAAQADgAAAAFgokC8VYpuz2s8SIAAAAAAAAAAGoAagBIAAAABQCTCAAAAA9CAFMARQBfAEUATABFAEMAAgAQAEIAUwBFAF8ARQBMAEUAQwABABIAQgBTAEUAUwBWAE0AWAAwADEABAAQAGIAcwBlAC4AcAByAGkAdgADACQAYgBzAGUAcwB2AG0AeAAwADEALgBiAHMAZQAuAHAAcgBpAHYAAAAAAA==
> Content-Length: 21
> Content-Type: text/html
> ----------------------------------------------------------
> http://owa.bse-electronic.com/exchange/
>
> GET /exchange/ HTTP/1.1
> Host: owa.bse-electronic.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGwAAAAYABgAhAAAABAAEABAAAAAEAAQAFAAAAAMAAwAYAAAAAAAAAAAAAAABYIIAGIAcwBlAF8AZQBsAGUAYwBiAGUAcgB0AGgAaQBlAHIARgBTAFQALQBQAEMAUarbyBJsZtQAAAAAAAAAAAAAAAAAAAAAbCFXau+34aWkUUfX4Vij+pk+Cycz/sGL
>
> HTTP/1.x 200 OK
> Server: Microsoft-IIS/5.0
> Date: Thu, 13 Mar 2008 15:24:11 GMT
> X-Powered-By: ASP.NET
> Set-Cookie: sessionid=f16c7fbb-8272-4539-9e19-4b94ed2b26d5:0x409; path=/exchange/
> Content-Type: text/html
> Content-Length: 1154
> MS-WebStorage: 6.5.7226
> Cache-Control: no-cache
> ----------------------------------------------------------
>
> Now through IQRP, it's as this:
>
> http://localhost/exchange
>
> GET /exchange HTTP/1.1
> Host: localhost
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; ASPSESSIONIDSAATQSDA=CJFDAKHCKBDBPHLBBFJAHHPJ
>
> HTTP/1.x 401 Accès refusé
> Set-Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; PATH=/; EXPIRES=Thu, 20 Mar 2008 15:42:25 GMT;
> Server: Fastream IQ Reverse Proxy 1.6.2R
> Date: Thu, 13 Mar 2008 15:46:59 GMT
> WWW-Authenticate: Negotiate
> WWW-Authenticate: NTLM
> WWW-Authenticate: Basic realm="owa.bse-electronic.com"
> Connection: keep-alive
> Content-Length: 23
> Content-Type: text/html
> ----------------------------------------------------------
> http://localhost/exchange
>
> GET /exchange HTTP/1.1
> Host: localhost
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; ASPSESSIONIDSAATQSDA=CJFDAKHCKBDBPHLBBFJAHHPJ
> Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
>
> HTTP/1.x 401 Accès refusé
> Set-Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; PATH=/; EXPIRES=Thu, 20 Mar 2008 15:44:51 GMT;
> Server: Fastream IQ Reverse Proxy 1.6.2R
> Date: Thu, 13 Mar 2008 15:49:23 GMT
> WWW-Authenticate: NTLM TlRMTVNTUAACAAAAEAAQADgAAAAFgokCKRW5KceUxnoAAAAAAAAAAGoAagBIAAAABQCTCAAAAA9CAFMARQBfAEUATABFAEMAAgAQAEIAUwBFAF8ARQBMAEUAQwABABIAQgBTAEUAUwBWAE0AWAAwADEABAAQAGIAcwBlAC4AcAByAGkAdgADACQAYgBzAGUAcwB2AG0AeAAwADEALgBiAHMAZQAuAHAAcgBpAHYAAAAAAA==
> Content-Length: 23
> Content-Type: text/html
> Connection: keep-alive
> ----------------------------------------------------------
> http://localhost/exchange
>
> GET /exchange HTTP/1.1
> Host: localhost
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; ASPSESSIONIDSAATQSDA=CJFDAKHCKBDBPHLBBFJAHHPJ
> Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGwAAAAYABgAhAAAABAAEABAAAAAEAAQAFAAAAAMAAwAYAAAAAAAAAAAAAAABYIIAGIAcwBlAF8AZQBsAGUAYwBiAGUAcgB0AGgAaQBlAHIARgBTAFQALQBQAEMAuDRoY5vm7JsAAAAAAAAAAAAAAAAAAAAAWMq4+peniVTGiP7QADIE0xaTGReIk9D2
>
> HTTP/1.x 401 Accès refusé
> Set-Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; PATH=/; EXPIRES=Thu, 20 Mar 2008 15:44:53 GMT;
> Server: Fastream IQ Reverse Proxy 1.6.2R
> Date: Thu, 13 Mar 2008 15:49:29 GMT
> WWW-Authenticate: Negotiate
> WWW-Authenticate: NTLM
> WWW-Authenticate: Basic realm="owa.bse-electronic.com"
> Connection: keep-alive
> Content-Length: 23
> Content-Type: text/html
> ----------------------------------------------------------
>
> Please help. You can find IQRP latest object code here:
>
> http://www.fastream.net/IQReverseProxy.exe
>
> The OWA listed above is open to my IP only but you should be getting the
> idea from above, IMHO...
>
> Best Regards,
>
> SZ
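
Added example (not part of the original messages, and not ICS or IQRP code): a Python decoder for the NTLM tokens in the trace above, used to compare the Type 2 challenge the browser received directly from IIS with the one it received through the proxy. The function names, the shortened flag names and the use of cp437 for OEM strings are assumptions of this example.

```python
import base64
import struct

# Subset of the NTLMSSP negotiate flag bits (names shortened from MS-NLMP).
FLAGS = {0x1: "UNICODE", 0x2: "OEM", 0x4: "REQUEST_TARGET", 0x200: "NTLM",
         0x8000: "ALWAYS_SIGN", 0x10000: "TARGET_TYPE_DOMAIN", 0x800000: "TARGET_INFO",
         0x80000: "EXTENDED_SESSIONSECURITY", 0x2000000: "VERSION"}

# Tokens copied from the trace on this page. Its two Type 2 messages differ
# only in the 12 base64 characters that carry the 8-byte server challenge.
TYPE1 = "TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA="
T2_HEAD = "TlRMTVNTUAACAAAAEAAQADgAAAAFgokC"
T2_TAIL = ("AAAAAAAAAGoAagBIAAAABQCTCAAAAA9CAFMARQBfAEUATABFAEMAAgAQAEIAUwBF"
           "AF8ARQBMAEUAQwABABIAQgBTAEUAUwBWAE0AWAAwADEABAAQAGIAcwBlAC4AcABy"
           "AGkAdgADACQAYgBzAGUAcwB2AG0AeAAwADEALgBiAHMAZQAuAHAAcgBpAHYAAAAAAA==")
DIRECT_T2 = T2_HEAD + "8VYpuz2s8SIA" + T2_TAIL    # answered by IIS directly
PROXIED_T2 = T2_HEAD + "KRW5KceUxnoA" + T2_TAIL   # relayed by the reverse proxy

def _buf(msg, pos):
    """Return the bytes a security buffer (len, maxlen, offset) points at."""
    length, _, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_ntlm(header_value):
    """Decode the value of an Authorization or WWW-Authenticate NTLM header."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM token")
    msg = base64.b64decode("".join(token.split()), validate=True)
    if len(msg) < 12 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("bad NTLMSSP signature")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    # (offset of the flags field, minimum message length) per message type
    flag_pos, min_len = {1: (12, 16), 2: (20, 32), 3: (60, 64)}.get(mtype, (0, 0))
    if not min_len or len(msg) < min_len:
        raise ValueError("unsupported or truncated NTLM message")
    flags = struct.unpack_from("<I", msg, flag_pos)[0]
    enc = "utf-16-le" if flags & 0x1 else "cp437"  # cp437 for OEM is an assumption
    out = {"type": mtype, "flags": sorted(n for b, n in FLAGS.items() if flags & b)}
    if mtype == 2:
        out.update(target=_buf(msg, 12).decode(enc), challenge=msg[24:32].hex())
    elif mtype == 3:
        for name, pos in (("domain", 28), ("user", 36), ("workstation", 44)):
            out[name] = _buf(msg, pos).decode(enc)
    return out

def differing_fields(a, b):  # names of decoded fields that differ between two messages
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))
```

On the page's tokens the two Type 2 messages decode to the same flags and target and differ only in the challenge, which every handshake regenerates. NTLM over HTTP authenticates a connection rather than a single request, so the header contents alone do not show whether a proxy kept all three messages on one upstream connection.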