[squid-users] Re: Re: Re: Re[squid-users] verse proxy to Sharepoint from afstcklnd on 2008-07-10 (squid-users)

From: afstcklnd <andrew.stickland_at_spirititconsulting.com>
Date: Thu, 10 Jul 2008 16:31:40 -0700 (PDT)

Not having a dig at you but I'm going round in circle here - has noone ever
done this successfully before?

Microsoft IAS is heavy, unwieldy and unfriendly so we chose to use Squid to
act as reverse proxy for limited remote access to various MS Sharepoint
sites (applications as they like to call them).

After a lot of reading, it seemed sensible to run on latest linux and squid
and use ntlm for authentication - it all points that way out there on the
net.

I then find that ntlm is not supported in 3.0 so built and earlier version
and now today, get the info that we shouldn't authenticate on squid anyway
as we should hand-off through to sharepoint servers.

Set this up and find that squid 2.7 does not support http 1.1 -
aggghhhhhhhhhh.

login=PASS does hand off to sharepoint OK - however, sharepoint returns
everything under http 1.1 with "objectmoved" - new target does not get
replaced with external url for the site so external access suddenly finds
itself pointing somewhere strange.

If I ever get this working, I might write a book and make a fortune :) or
maybe not because if people wanted it, someone would have written it
already.

Henrik, you seem to be the guru - what do you advise???

Henrik Nordstrom-5 wrote:
>
> On tor, 2008-07-10 at 09:18 -0700, afstcklnd wrote:
>> Having removed all http_access accept the ntlm users bit, authorisation
>> process goes through OK, however, the security token is not getting
>> through
>> to sharepoint. Squid debug shows the GET followed by a reply with
>> "Unauthorised" from the sharepoint server.
>
> Maybe this:
>
> "Access to password protected content fails via the reverse proxy"
> http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-c59962b21bb8e2a437beb149bcce3190ee1c03fd
>
>
> Regarding authentication, it's generally a bad idea to use
> authentication both at the reverse proxy and the web server. There is
> only one slot fror "web server authentication" in HTTP and things can
> get a bit confusing if you have two servers using that same slot at the
> same time...
>
>
> Regards
> Henrik
>
>
>

-- 
View this message in context: http://www.nabble.com/Reverse-proxy-to-Sharepoint-tp17909397p18394067.html
Sent from the Squid - Users mailing list archive at Nabble.com.

Received on Thu Jul 10 2008 - 23:31:43 MDT

This archive was generated by hypermail 2.2.0 : Fri Jul 11 2008 - 12:00:03 MDT