NTLM authentication

From: Morris, Nat <nat.morris#pembrokeshire.gov.uk>
Date: Wed, 14 Jan 2009 10:59:50 -0000


Hi all,

We've been using HAProxy internally for a few years now, we've got a pair of Ubuntu boxes (VRRP between them) infront of a selection of identical IIS boxes,
hosting our business apps, CRM, HR, intranet etc.

I've added a new site onto the web servers, this is the first one that uses NTLM to authenticate users without them logging in. Using Internet Explorer if I connect direct to a server it works, but when I going via HAProxy no page
is returned.

I ran Ethereal on one of the web servers to see what was happening and saw the
client and server negotiate via HAProxy, after negotiation was complete IE sent
"Connection: Keep-Alive\r\n".

When I turned keep alive off in IIS and tried connecting direct it failed too,
am I right in presuming as HAProxy doesn't support keep alive NTLM won't work?

Thanks,

Nat.

-- 
Nat Morris
Pembrokeshire County Council


**************************************************************************************************************
This document should only be read by those persons to whom it is addressed, and be used by them for its intended purpose; and must not otherwise be reproduced, copied, disseminated, disclosed, modified, distributed, published or actioned. If you have received this email in error, please notify us immediately by telephone on 01437 775882 and delete it from your computer immediately. This email address must not be passed on to any third party nor be used for any other purpose. Pembrokeshire County Council Website - http://www.pembrokeshire.gov.uk This signature also confirms that this email message has been swept for the presence of computer viruses and malicious code.
***************************************************************************************************************
Dim ond y sawl y mae'r ddogfen hon wedi'i chyfeirio atynt ddylai ei darllen, a'i defnyddio ganddynt ar gyfer ei dibenion bwriadedig; ac ni ddylid fel arall ei hatgynhyrchu, copio, lledaenu, datgelu, addasu, dosbarthu, cyhoeddi na'i rhoi ar waith chwaith. Os ydych chi wedi derbyn yr e-bost hwn trwy gamgymeriad, byddwch cystal a rhoi gwybod i ni ar unwaith trwy ffonio 01437 775882 a'i ddileu oddi ar eich cyfrifiadur ar unwaith. Ni ddylid rhoi'r cyfeiriad e-bost i unrhyw drydydd parti na'i ddefnyddio ar gyfer unrhyw ddiben arall chwaith. Gwefan Cyngor Sir Penfro - http://www.pembrokeshire.gov.uk Mae'r llofnod hwn hefyd yn cadarnhau bod y neges e-bost hon wedi cael ei harchwilio am fodolaeth firysau cyfrifiadurol a chod maleisus.
***************************************************************************************************************
Received on 2009/01/14 11:59

This archive was generated by hypermail 2.2.0 : 2009/01/14 12:00 CET