Bug 39680 - mod_proxy opens connections that disturb NTLM
Summary: mod_proxy opens connections that disturb NTLM
Status: RESOLVED DUPLICATE of bug 39673
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy (show other bugs)
Version: 2.2.0
Hardware: Sun Solaris
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL: http://alsaha2.fares.net/sahat/.ee6b2ff
Depends on:
Reported: 2006-05-30 06:23 UTC by Olivier BOEL
Modified: 2008-02-16 05:26 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Olivier BOEL 2006-05-30 06:23:45 UTC
The following configuration works fine with Apache 2.0 :
- client : IE + Windows XP
- Reverse Proxy : Apache 2.0 running on solaris 9
- IIS (Windows) server with NTLM authentication enabled
When a protected page (via ACL on the IIS server) is accessed by the 
client, thanks to Windows integrated authentication, the page is 
displayed with any user intervention (user identification prompt).

Since Apache 2.2, user receives an identification prompt and, although 
the username/password he enters are correct, he is not authorized.

Looking at the network traffic, it seems that the NTLM authentication 
process is made of 3 requests.
Between the client and the RP, they use a single connection (same 
Between the RP and the IIS server, they use a single connection if the 
RP is running on Apache 2.0; however, with Apache 2.2, the 3 requests 
use 3 different connections (3 ports), which make NTLM fail.
This problem is reproductible at will.
I tried the "ProxyPass keepalive=On" directive but it didn't help.

Is there a workaround?
Comment 1 Ruediger Pluem 2006-05-30 19:54:32 UTC

*** This bug has been marked as a duplicate of 39673 ***