Article delegate-en/4115 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4112@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FW: [DeleGate-En] Windows Integrated Authentication
08 Sep 2008 07:20:43 GMT "Nagel, Willy" <ptihqbdyi-bkxgh253i6nr.ml@ml.delegate.org>


Hi Yutaka,

Thanks for your help, but I'm still unsuccessfull.

I now user the following config:

-Plisten_ip:80
AUTHORIZER=-login
ADMIN=admin@test.. 
DGROOT=/DeleGate
SERVER=http
HTTPCONF=bugs:do-authconv
MOUNT="/* http://destination_ip/* via=server_ip"

And this results in the following logfile:

09/08 09:02:10.17 [3588] 1+2: (0) accepted [43]
-@[listen_ip]client_ip:1972 (0.016s)(1)
09/08 09:02:10.17 [3588] 1+2: Proxy: host=client_ip; User-Agent:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322);
DIRECT
09/08 09:02:10.17 [3588] 1+2: HCKA:[0] Keep-Alive; host=client_ip;
(User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR
1.1.4322))
09/08 09:02:10.19 [2744] 1+0: AcceptByMain: yielded to a Sticky (1)
09/08 09:02:10.19 [3588] 1+2: REQUEST - GET / HTTP/1.1^M
09/08 09:02:10.19 [3588] 1+2: *** / => http://destination_ip/ ***
09/08 09:02:10.19 [3588] 1+2: REQUEST +M http://destination_ip/
HTTP/1.1^M
09/08 09:02:10.19 [3588] 1+2: LongOuser(domain\user) ok=0
09/08 09:02:10.19 [3588] 1+2: AUTHORIZER=-login host=[]
user=[domain\user] -> NO
09/08 09:02:10.19 [3588] 1+2/1: HCKA:[1] closed -- a:authentication
failure
09/08 09:02:10.19 [3588] 1+2/1: disconnected [43]
-@[listen_ip]client_ip:1972 (0.031s)(0) 

Kind regards,

Willy

-----Original Message-----
From: Yutaka Sato [mailto:feedback@delegate.org] 
Sent: Friday, September 05, 2008 11:05 PM
To: feedback@delegate.org
Cc: Nagel, Willy
Subject: Re: [DeleGate-En] FW: [DeleGate-En] Windows Integrated
Authentication

Hi Willy,

On 09/05/08(18:51) I wrote in <_A4110@delegate-en.ML_>  |With which
browser and what URL are you accessing the DeleGate?
 |If you are accessing the DeleGate with "non-local hostname" with MSIE,
|NTLM is not enabled by default.

I'm reminded that this is the reason why I did not document well about
NTHT.  NTHT is only available with MSIE with a URL of restricted form of
host-name or with a special configuration of MSIE.
Thus I implemented an authenticaiton gateway between Basic-auth.-client
and NTLM-auth.-server which can be used as this.

  client -> [Basic authentication] -> DeleGate -> [NTLM] -> IIS
                                         |
                                      LogonUser

This is recorded in the CHANGES file as this:
>9.8.2 080630 new {access,winsspi}.c: AUTHORIZER=-login using LogonUser 
>on Win32
>9.8.2 080628 new {http,winsspi}.c: Basic auth. client to NTHT server 
>gateway
>9.8.2 080628 new {http,winsspi}.c: added AUTHORIZER=-ntht to be NTHT 
>server
>9.8.2 080625 new {env,http}.c: added -Enh to enable NTHT proxy (NTLM 
>over HTTP)

This gateway feature is enabled with the following parameters, but I'm
not sure if it works for any users on Windows in general.

  AUTHORIZER=-login
  HTTPCONF=bugs:do-authconv

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller




This message and attachment(s) are intended solely for use by the addressee and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law.

If you are not the intended recipient or agent thereof responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.

If you have received this communication in error, please notify the sender immediately by telephone and with a 'reply' message.

Thank you for your co-operation.



  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V