Has anyone been able to get SharePoint using NTLM working with SQUID as a reverse proxy?

Question

We have a SQUID reverse proxy and a MOSS 2007 portal. All sites are using NTLM. We cannot get it working with SQUID as a reverse proxy. Any ideas where to start? JavaScript questions and answers, JavaScript questions pdf, JavaScript question bank, JavaScript questions and answers pdf, mcq on JavaScript pdf, JavaScript questions and solutions, JavaScript mcq Test , Interview JavaScript questions, JavaScript Questions for Interview, JavaScript MCQ (Multiple Choice Questions)

Answer 1

Can you switch to Kerberos instead of NTLM? You're encountering the "Double-Hop Issue", whereby NTLM authentication cannot traverse proxies or servers. This is outlined at this location: http://blogs.msdn.com/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx And over here: http://support.microsoft.com/default.aspx?scid=kb;en-us;329986 Double-Hop Issue The double-hop issue is when the ASPX page tries to use resources that are located on a server that is different from the IIS server. In our case, the first "hop" is from the web browser client to the IIS ASPX page; the second hop is to the AD. The AD requires a primary token. Therefore, the IIS server must know the password for the client to pass a primary token to the AD. If the IIS server has a secondary token, the NTAUTHORITY\ANONYMOUS account credentials are used. This account is not a domain account and has very limited access to the AD. The double-hop using a secondary token occurs, for example, when the browser client is authenticated to the IIS ASPX page by using NTLM authentication. In this example, the IIS server has a hashed version of the password as a result of using NTLM. If IIS turns around and passes the credentials to the AD, IIS is passing a hashed password. The AD cannot verify the password and, instead, authenticates by using the NTAUTHORITY\ANONYMOUS LOGON. On the other hand, if your browser client is authenticated to the IIS ASPX page by using Basic authentication, the IIS server has the client password and can make a primary token to pass to the AD. The AD can verify the password and does authenticate as the domain user. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 264921 (http://support.microsoft.com/kb/264921/) How IIS authenticates browser clients If switching to Kerberos is not an option, have you investigated the Squid NTLM project? http://devel.squid-cache.org/ntlm/