Article delegate-en/4104 of [1-5169] on the server localhost:119
[Reference:<_A4103@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FW: [DeleGate-En] Windows Integrated Authentication
05 Sep 2008 02:12:38 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi Willy,

First of all, it seems that I disabled the ability to relay NTLM
authentication with AUTHORIZER=-ntht or -Enh.  It should be fixed
as in the enclosed patch.  I uploaded the modified version as 9.8.5-pre1.
Thank you for your notice.

In message <_A4103@delegate-en.ML_> on 09/04/08(19:09:05)
you "Nagel, Willy" <ptihqbdyi-xtc56tzuernr.ml@ml.delegate.org> wrote:
 |AUTHORIZER=-ntht
...
 |The setup is as follows:
 |
 |IIS (destination ip) - (other-ip-of-delegate-server) delegate
 |(ip-to-listen-on) - client 
 |
 |In IIS windows integrated authentication (NTLM) is enabled.
 |
 |Still, when connecting to delegate, I'm unable to connect. The logfile
 |shows:
 |
 |09/04 09:59:33.97 [2444] 3+1: REQUEST - GET / HTTP/1.1^M
 |09/04 09:59:33.97 [2444] 3+1: *** / => destination_ip/ ***
 |09/04 09:59:33.97 [2444] 3+1: REQUEST +M destination_ip/ HTTP/1.1^M
 |09/04 09:59:33.98 [2444] 3+1: ----NTHT accept 0 MO=1 UT=0
 |09/04 09:59:33.98 [2444] 3+1: ----NTHT_accept(0,53,53) ss=0
 |09/04 09:59:33.98 [2444] 3+1: ####cred name=NT AUTHORITY\SYSTEM
 |09/04 09:59:33.98 [2444] 3+1: ====NTLM Start
...
 |09/04 09:59:33.98 [2444] 3+1: disconnected [53] -@[ip]hostname:31199

The NTLM authentication is achieved in two phases and this log shows
only the first phase just to return a challenge response to the client.
The problem was in the second phase to be followed right after this.

 |Is there something wrong in my setup / configuration or did I miss
 |anything? Any help would be appreciated.
 |
 |In your documentation I don't find anything about the -Enh option.

It is not documented because it might be the default behavior in
a future version.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

*** dist/src/delegate9.8.4/src/http.c	Wed Sep  3 05:11:24 2008
--- src/http.c	Fri Sep  5 09:51:03 2008
***************
*** 11443,11450 ****
--- 11443,11457 ----
  		if( lSECRET() ){
  			sv1log("----NTHT retryAuth: %s%sX\n",REQ,REQ_FIELDS);
  		}
+ 		/*
  		if( (withNTHT & NTHT_REQ) && (withNTHT & NTHT_RES) ){
+ 		*/
+ 		if( withNTHT & NTHT_RES ){
+ 			if( withNTHT & NTHT_CLAUTHOK ){
+ 				sv1log("----NTHT with client's auth.\n");
+ 			}else
  			if( (HTTP_opts & HTTP_DOAUTHCONV) == 0 ){
+ 				sv1log("----NTHT without auth. conv.\n");
  				flushRESP(Conn,ftc);
  				return;
  			}
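Review bot: The new test `if( withNTHT & NTHT_RES ){` drops the `NTHT_REQ` requirement without saying why, and the old condition is left in place inside a `/* ... */` block. Delete the commented-out line and add a short comment explaining why the response-side flag alone is enough here and what guarantees `NTHT_CLAUTHOK` carries, because that flag now decides whether the response is flushed and returned early via `flushRESP(Conn,ftc); return;` or processing continues. The `}else` followed by an unbraced `if` on the next line is also easy to misread at this indentation; writing it as `}else if( (HTTP_opts & HTTP_DOAUTHCONV) == 0 ){` on one line would make the chain explicit.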
