Re: [squid-users] Reverse Proxy, OWA RPCoHTTPS and NTLM authentication passthrough

From: Abdessamad BARAKAT <abdsamad_at_barakat.fr>
Date: Wed, 16 Jul 2008 19:25:32 +0200

Hi people,

Can nobody give me feedback about this feature (NTLM auth pass-through)?

Thanks

On 14 Jul 08, at 12:39, Abdessamad BARAKAT wrote:

> Hi,
>
> I need to reverse proxy an OWA 2007 service and I have some
> problems with NTLM authentication and the RPC connection. Squid
> offers an SSL service and connects itself to the OWA with an SSL
> connection.
>
> The NTLM authentication is done by the OWA, so I need squid to pass
> the credentials without modifying them.
>
> Actually I only get a 401 error code, but when I switch the
> authentication to "Basic authentication" in the Outlook Anywhere
> settings, it works. I really want to have the NTLM
> authentication working so that I don't have to ask all users to
> change their settings.
>
> The squid is chrooted.
>
> I have tried the following versions:
>
> - 3.0 STABLE7
>
> - 2.7STABLE3
>
> - 2.6STABLE21
>
> - 2.6STABLE3
>
> My setup (sometimes I need to add acl all or logfile_daemon between
> versions, that's all):
>
> #### CHROOT
> chroot /usr/local/squid
> mime_table /etc/mime.conf
> icon_directory /share/icons
> error_directory /share/errors/English
> unlinkd_program /libexec/unlinkd
> cache_dir ufs /var/cache 100 16 256
> cache_store_log /var/logs/store.log
> access_log /var/logs/access.log squid
> pid_filename /var/logs/squid.pid
> logfile_daemon /libexec/logfile-daemon
> ####
>
> # Define the required extension methods
> extension_methods RPC_IN_DATA RPC_OUT_DATA
>
> # Publish the RPCoHTTP service via SSL
> https_port 192.168.1.122:8443 cert=/etc/apache2/ssl/webmail.corporate.com.pem defaultsite=webmail.corporate.com
> cache_peer 172.16.18.13 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=exchangeServer
>
> acl all src 0.0.0.0/0.0.0.0
> acl EXCH dstdomain .corporate.com
> cache_peer_access exchangeServer allow EXCH
> cache_peer_access exchangeServer deny all
> never_direct allow EXCH
> # Lock down access to just the Exchange Server!
> http_access allow EXCH
> http_access deny all
> miss_access allow EXCH
> miss_access deny all
>
> #no local caching
> #maximum_object_size 0 KB
> #minimum_object_size 0 KB
> #no_cache deny all
>
> #access_log /usr/local/squid/var/logs/access.log squid
>
>
> Thanks a lot for any tips or information.
Received on Wed Jul 16 2008 - 17:25:46 MDT
