Forum Discussion
Clint_Denham_16
Nimbostratus
NimbostratusUnable to Save iRule Due To Formatting - Lync Clients With Negotiate Challenge
Can't seem to figure out how to post the iRule to DevCentral without it being one long string.
We're using LTM 10.2.3 HF1 and trying to add the iRule described here...
http://jerryslyncblog.wordpress.com/2011/10/30/credentials-are-required-lync-users-are-getting-password-prompt-when-connecting-to-lync-from-the-internet/
But I receive the error...
line 6: [braces are required around the expression] [when HTTP_REQUEST {
line 17: [braces are required around the expression] [when HTTP_RESPONSE {
Any idea what we're doing wrong?
Here's the iRule - this is the only way I could get it to Submit up to the DevCentral site
when RULE_INIT {
set static::disable_ntlm 0
set static::disable_negotiate 1
set static::disable_basic 1
}
when HTTP_REQUEST {
set lync_auth_in_progress 0
if { [HTTP::header User-Agent] contains “Microsoft Lync” } {
if { [HTTP::header exists "Authorization"] } {
set lync_auth_in_progress 0
} else {
set auth_host [string tolower [HTTP::host]]
set lync_auth_in_progress 1
}
}
}
when HTTP_RESPONSE {
if { ($lync_auth_in_progress) && ([HTTP::status] == “401?) && [HTTP::header exists WWW-Authenticate]} {
set auth_values_list [HTTP::header values WWW-Authenticate]
HTTP::header remove WWW-Authenticate
foreach auth_value $auth_values_list {
switch -glob [string tolower $auth_value] {
“ntlm” -
“ntlm *” {
if { not $static::disable_ntlm } {
HTTP::header insert “WWW-Authenticate” “$auth_value”
}
}
“negotiate” -
“negotiate *” {
if { not $static::disable_negotiate } {
HTTP::header insert “WWW-Authenticate” “$auth_value”
}
}
“basic” -
“basic *” {
if { not $static::disable_basic } {
HTTP::header insert “WWW-Authenticate” “$auth_value”
}
}
}
}
set lync_auth_in_progress 0
}
}
hooleylistCirrostratus
Hi Clint,
Some of the double quotes were replaced with non-standard quotes. Can you try this?
when RULE_INIT {
set static::disable_ntlm 0
set static::disable_negotiate 1
set static::disable_basic 1
}
when HTTP_REQUEST {
set lync_auth_in_progress 0
if { [HTTP::header User-Agent] contains "Microsoft Lync" } {
if { [HTTP::header "Authorization"] ne "" } {
set lync_auth_in_progress 0
} else {
set lync_auth_in_progress 1
}
}
}
when HTTP_RESPONSE {
if { $lync_auth_in_progress && [HTTP::status] == 401 && [HTTP::header WWW-Authenticate] ne ""} {
set auth_values_list [HTTP::header values WWW-Authenticate]
HTTP::header remove WWW-Authenticate
foreach auth_value $auth_values_list {
switch -glob [string tolower $auth_value] {
"ntlm" -
"ntlm *" {
if { not $static::disable_ntlm } {
HTTP::header insert "WWW-Authenticate" "$auth_value"
}
}
"negotiate" -
"negotiate *" {
if { not $static::disable_negotiate } {
HTTP::header insert "WWW-Authenticate" "$auth_value"
}
}
"basic" -
"basic *" {
if { not $static::disable_basic } {
HTTP::header insert "WWW-Authenticate" "$auth_value"
}
}
}
}
set lync_auth_in_progress 0
}
}
Aaron
Clint_Denham_16Thanks Aaron - that update returns this response...
01070151:3: Rule [lync.user.agent.detection.disable.negotiate.auth.for.lync.clients] error: line 9: [wrong args] [HTTP::header "Authorization" ne ""] line 17: [parse error: PARSE syntax 426 {syntax error in expression " ($lync_auth_in_progress) && [HTTP::status] == 401) && [HTTP...": extra tokens at end of expression}] [{ ($lync_auth_in_progress) && [HTTP::status] == 401) && [HTTP::header WWW-Authenticate] ne ""}]- hooleylistI edited my post above to fix a couple of typos. Can you try that?
Aaron - Clint_Denham_16Perfect - thanks Aaron. That worked.