Article delegate-en/4103 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4099@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FW: [DeleGate-En] Windows Integrated Authentication
04 Sep 2008 10:12:23 GMT "Nagel, Willy" <ptihqbdyi-c4ifwxovy25r.ml@ml.delegate.org>


Hi Yutaka, 

Thanks for your reply.

I now have the following configuration:

-Pip-to-listen-on:443 
ADMIN=admin@oce.. 
DGROOT="/DeleGate/" 
DELAY=reject:0,unknown:0
SERVER=https
AUTHORIZER=-ntht
HTTPCONF=methods:*
STLS="fsv,fcl,sslway -cert lib/cert.crt -key lib/cert.key"
MOUNT="/* https://destination_ip/* via=other-ip-of-delegate-server"
REACHABLE=destination_ip:443
RELIABLE="*"

The setup is as follows:

IIS (destination ip) - (other-ip-of-delegate-server) delegate
(ip-to-listen-on) - client 

In IIS windows integrated authentication (NTLM) is enabled.

Still, when connecting to delegate, I'm unable to connect. The logfile
shows:

09/04 09:59:33.97 [2444] 3+1: REQUEST - GET / HTTP/1.1^M
09/04 09:59:33.97 [2444] 3+1: *** / => destination_ip/ ***
09/04 09:59:33.97 [2444] 3+1: REQUEST +M destination_ip/ HTTP/1.1^M
09/04 09:59:33.98 [2444] 3+1: ----NTHT accept 0 MO=1 UT=0
09/04 09:59:33.98 [2444] 3+1: ----NTHT_accept(0,53,53) ss=0
09/04 09:59:33.98 [2444] 3+1: ####cred name=NT AUTHORITY\SYSTEM
09/04 09:59:33.98 [2444] 3+1: ====NTLM Start
09/04 09:59:33.98 [2444] 3+1: SOCKET recv(41)=0 error=0 [0.000] TCP
AF_INET :1228 << :1227 
09/04 09:59:33.98 [2444] 3+1: ## SSLway FCL S-C:64/1 C-S:713/1
(WIN) 08:59:33.982 [2444] send(346) = -1+0 errno=10058 [1728]
09/04 09:59:33.98 [2444] 3+1: ## got SIGPIPE [1] in HTTP: 
(WIN) 08:59:33.982 [2444] +++EPIPE[53] fflushTIMEOUT() for EOF
09/04 09:59:33.98 [2444] 3+1: ClientEOF: request-EOF-7 [53 53] 330 8000
1
09/04 09:59:33.98 [2444] 3+1: HCKA:[0] closed -- d:by client(request
EOF-7)
09/04 09:59:33.98 [2444] 3+1: disconnected [53] -@[ip]hostname:31199
(0.328s)(0)

Is there something wrong in my setup / configuration or did I miss
anything? Any help would be appreciated.

In your documentation I don't find anything about the -Enh option.

Kind regards,

Willy Nagel.



-----Original Message-----
From: Yutaka Sato [mailto:feedback@delegate.org] 
Sent: Tuesday, September 02, 2008 8:17 PM
To: feedback@delegate.org
Cc: Nagel, Willy
Subject: Re: [DeleGate-En] FW: [DeleGate-En] Windows Integrated
Authentication

Hi,

In message
<_A4098@delegate-en.ML_>
on 09/02/08(20:53:51) you "Nagel, Willy" <ptihqbdyi-c4ifwxovy25r.ml@ml.delegate.org> wrote:
 |This doesn't seem to resolve the issue. 
 |Maybe you have another clue?
 |Here's what appears in the logfile (beneath this logfile are results
|when not using the HTTPCONF add-rhead value):
...
 |Conveying NTLM authentication over HTTP seems be defined in RFC4559
and

It seems that I implemented "NTLM over HTTP" in DeleGate/9.8.2 as
CHANGES file records:
>9.8.2 080625 new {env,http}.c: added -Enh to enable NTHT proxy (NTLM 
>over HTTP)
Thus recent DeleGate should work with it with "-Enh" option.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


This message and attachment(s) are intended solely for use by the addressee and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law.

If you are not the intended recipient or agent thereof responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.

If you have received this communication in error, please notify the sender immediately by telephone and with a 'reply' message.

Thank you for your co-operation.



  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V