[squid-users] Reverse Proxy, OWA RPCoHTTPS and NTLM authentication passthrough

From: Abdessamad BARAKAT <abdsamad_at_barakat.fr>
Date: Mon, 14 Jul 2008 12:39:37 +0200

Hi,

I need to reverse proxy an OWA 2007 service and I have some problems
with NTLM authentication and the RPC connection. Squid offers an SSL
service and connects itself to the OWA with an SSL connection.

The NTLM authentication is done by the OWA, so I need Squid to pass
the credentials without modifying them.

Actually I get only a 401 error code, but when I switch the
authentication to "Basic authentication" in the Outlook Anywhere
settings, it works. I really want to have the NTLM authentication
working so that I don't have to ask all users to change their settings.

The squid is chrooted.

I have tried the following versions:

- 3.0 STABLE7

- 2.7STABLE3

- 2.6STABLE21

- 2.6STABLE3

My setup (sometimes I need to add acl all or logfile_daemon between
versions, that's all):

#### CHROOT
chroot /usr/local/squid
mime_table /etc/mime.conf
icon_directory /share/icons
error_directory /share/errors/English
unlinkd_program /libexec/unlinkd
cache_dir ufs /var/cache 100 16 256
cache_store_log /var/logs/store.log
access_log /var/logs/access.log squid
pid_filename /var/logs/squid.pid
logfile_daemon /libexec/logfile-daemon
####

# Define the required extension methods
extension_methods RPC_IN_DATA RPC_OUT_DATA

# Publish the RPCoHTTP service via SSL
https_port 192.168.1.122:8443 cert=/etc/apache2/ssl/webmail.corporate.com.pem defaultsite=webmail.corporate.com
cache_peer 172.16.18.13 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=exchangeServer

acl all src 0.0.0.0/0.0.0.0
acl EXCH dstdomain .corporate.com
cache_peer_access exchangeServer allow EXCH
cache_peer_access exchangeServer deny all
never_direct allow EXCH
# Lock down access to just the Exchange Server!
http_access allow EXCH
http_access deny all
miss_access allow EXCH
miss_access deny all

#no local caching
#maximum_object_size 0 KB
#minimum_object_size 0 KB
#no_cache deny all

#access_log /usr/local/squid/var/logs/access.log squid

Thanks a lot for any tips or information.
Received on Mon Jul 14 2008 - 10:39:50 MDT
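
Added example, not part of the original post: NTLM over HTTP authenticates the TCP connection rather than each request, so a passthrough proxy has to carry the NEGOTIATE, CHALLENGE and AUTHENTICATE messages on one backend connection. The sketch below decodes the message type from Authorization / WWW-Authenticate values and flags a handshake that is split across backend connections; the trace format (backend connection id plus header value) is an assumption, and the tokens are constructed.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
ORDER = ["NEGOTIATE", "CHALLENGE", "AUTHENTICATE"]  # message types 1, 2, 3

def ntlm_type(header_value):
    """Name the NTLM message in an Authorization / WWW-Authenticate value,
    or return None when the value carries no NTLM token."""
    parts = header_value.split(None, 1)
    if len(parts) != 2 or parts[0].upper() not in ("NTLM", "NEGOTIATE"):
        return None
    try:
        raw = base64.b64decode(parts[1].strip(), validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or raw[:8] != NTLM_SIG:
        return None
    msg_type = struct.unpack("<I", raw[8:12])[0]
    return ORDER[msg_type - 1] if 1 <= msg_type <= 3 else None

def check_handshakes(trace):
    """trace: (backend_conn_id, header_value) pairs in time order.
    Returns (conn_id, problem) for each token that is out of sequence
    on the connection it travelled on."""
    expected = {}  # conn_id -> index into ORDER of the next message
    problems = []
    for conn, value in trace:
        msg = ntlm_type(value)
        if msg is None:
            continue
        want = expected.get(conn, 0)
        if msg != ORDER[want]:
            problems.append((conn, f"{msg} seen, {ORDER[want]} expected"))
            expected.pop(conn, None)
        elif want == 2:
            expected.pop(conn)  # handshake complete on this connection
        else:
            expected[conn] = want + 1
    return problems

def token(msg_type):
    """Constructed minimal token: signature and type field only."""
    body = NTLM_SIG + struct.pack("<I", msg_type) + b"\x00" * 4
    return "NTLM " + base64.b64encode(body).decode()

# Constructed traces: all three messages on backend connection 1, versus
# the AUTHENTICATE message forwarded on a fresh backend connection 2.
PINNED = [(1, token(1)), (1, token(2)), (1, token(3))]
SPLIT = [(1, token(1)), (1, token(2)), (2, token(3))]
```

An empty result for a trace means every NTLM token arrived in sequence on its own connection; a Basic header or a bare "NTLM" challenge without a token is ignored.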
