RE: NTLM authentication

From: Morris, Nat <>
Date: Wed, 21 Jan 2009 15:17:14 -0000

Earlier Willy Tarreau [] wrote...

> On Wed, Jan 14, 2009 at 08:45:18AM -0500, Guillaume Bourque wrote:
> > Hi,
> >
> > If my memory is corrected in Microsft documentation NTLM can't be
> > proxy unless you configure NTLM in a very specific way. Even Microsoft
> > proxy did not support NTLM.

> I believe it can be proxied (by a reverse-proxy at least) but it
> requires keep-alive because it relies on a 3-way challenge inside the same
> session. It sometimes causes trouble through some proxies because there is
> no way to force the connection to stay alive, especially under strong
> constraints on the proxies.

> Maybe for your application you can simply disable "option httpclose", but
> in mind that you'll not be able to log nor to perform content switching or
> filtering then.


We've now got this working, created a new backend with some content switching
rules to redirect sites that need NTLM support to it (in our case SharePoint)
and everything is running great.

Just disabled option httpclose on that backend.



Nat Morris
Pembrokeshire County Council
01437 775398 /

This document should only be read by those persons to whom it is addressed, and be used by them for its intended purpose; and must not otherwise be reproduced, copied, disseminated, disclosed, modified, distributed, published or actioned. If you have received this email in error, please notify us immediately by telephone on 01437 775882 and delete it from your computer immediately. This email address must not be passed on to any third party nor be used for any other purpose.
Pembrokeshire County Council Website -
This signature also confirms that this email message has been swept for the presence of computer viruses and malicious code.
Dim ond y sawl y mae'r ddogfen hon wedi'i chyfeirio atynt ddylai ei darllen, a'i defnyddio ganddynt ar gyfer ei dibenion bwriadedig; ac ni ddylid fel arall ei hatgynhyrchu, copio, lledaenu, datgelu, addasu, dosbarthu, cyhoeddi na'i rhoi ar waith chwaith. Os ydych chi wedi derbyn yr e-bost hwn trwy gamgymeriad, byddwch cystal a rhoi gwybod i ni ar unwaith trwy ffonio 01437 775882 a'i ddileu oddi ar eich cyfrifiadur ar unwaith. Ni ddylid rhoi'r cyfeiriad e-bost i unrhyw drydydd parti na'i ddefnyddio ar gyfer unrhyw ddiben arall chwaith.
Gwefan Cyngor Sir Penfro - 
Mae'r llofnod hwn hefyd yn cadarnhau bod y neges e-bost hon wedi cael ei harchwilio am fodolaeth firysau cyfrifiadurol a chod maleisus.
Received on 2009/01/21 16:17

This archive was generated by hypermail 2.2.0 : 2009/01/21 16:30 CET