Re: [squid-users] TCP_MISS/401 with rpc over https

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 01 Jun 2011 02:57:03 +1200

On 01/06/11 01:26, Ori Besser wrote:
> Hello,
> I am trying to use squid as a reverse proxy to a Remote Desktop
> Gateway server (part of MS Win Server 2008 R2 Remote Desktop Services)
> with no success, I am just getting the login prompt over and over
> again and in the access log: TCP_MISS/401 373 RPC_OUT_DATA
> https://mydomain/rpc/rpcproxy.dll? - DEFAULT_PARENT/rdsServer
> text/plain.
>
> I am using Squid Cache: Version 3.2.0.8 and this is my squid.conf:
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32 ::1
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
> acl localnet src 10.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access allow localnet
> http_access allow localhost
>
> hierarchy_stoplist cgi-bin ?
>
> cache_dir ufs /var/cache/squid 1024 16 256
>
> cache_effective_user proxy
> access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log

store.log is rarely useful and wastes a lot of Disk IO. You can erase
this line to gain a bit of speed.

> coredump_dir /var/cache
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> https_port 443 cert=/etc/squid/certs/x.crt key=/etc/squid/certs/x.key accel defaultsite=my_external_domain_name
> cache_peer ip_of_rd_gateway parent 443 0 no-query originserver login=PASS connection-auth=on ssl name=rdsServer default
>
> acl RDS dstdomain my_external_domain_name
> cache_peer_access rdsServer allow RDS
> cache_peer_access rdsServer deny all
> http_access allow RDS
> http_access deny all
> miss_access allow RDS
> miss_access deny all
>
>
> The certificate is OK, I have no issues connecting to the rd web
> access site and even authenticate on it, just when a connection is
> attempted to the rd gateway I am getting the login prompts.
>
> Does anyone know about some magic that can solve this?
>
> Thanks.

  http://wiki.squid-cache.org/ConfigExamples/Reverse/ExchngeRpc

  * login=PASS uses Basic auth protocol. Check that Exchange is
configured to match.

NP: for something more secure 3.2 can do login=NEGOTIATE for Kerberos.

You may also be able to use "login=PASSTHRU connection-auth=on", but we
have not checked that yet with Exchange.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.8 and 3.1.12.2
Received on Tue May 31 2011 - 14:57:17 MDT
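Two checks that follow from the reply above, as an added example that is not part of the thread or of the Squid project: first, parse the origin server's `WWW-Authenticate` challenges to see whether it actually offers Basic (the scheme `login=PASS` forwards) or only Negotiate/NTLM (which the reply pairs with `login=NEGOTIATE` or the untested `login=PASSTHRU connection-auth=on`); second, scan Squid native-format `access.log` lines for a client stuck receiving `TCP_MISS/401` on the same URL, which is the "login prompt over and over" symptom. The header values and log lines are constructed for illustration, and the scheme-to-option table is this example's own summary of the reply, not Squid documentation.

```python
"""Offline checks for a 401 loop behind a Squid reverse proxy (added example)."""
import re
from collections import defaultdict

# Scheme -> cache_peer login option, as named in the squid-users reply.
# Constructed summary for this example; PASSTHRU is described there as untested.
LOGIN_FOR_SCHEME = {
    "basic": "login=PASS",
    "negotiate": "login=NEGOTIATE",
    "ntlm": "login=PASSTHRU connection-auth=on",
}

# An HTTP token at the start of a piece, and whether '=' follows it.
_TOKEN = re.compile(r'^\s*([!#$%&\'*+\-.^_`|~0-9A-Za-z]+)\s*(=?)')


def _split_commas(value):
    """Split a header value on commas that are not inside double quotes."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == ',' and not quoted:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf))
    return [p for p in parts if p.strip()]


def parse_www_authenticate(header_values):
    """Return the lower-cased auth schemes offered across WWW-Authenticate values.

    A comma-separated piece whose first token is NOT followed by '=' starts a
    new challenge (e.g. 'Basic realm="x"'); a piece like 'qop="auth"' is a
    parameter of the preceding challenge and is skipped.
    """
    schemes = []
    for value in header_values:
        for piece in _split_commas(value):
            m = _TOKEN.match(piece)
            if m and m.group(2) != '=':
                schemes.append(m.group(1).lower())
    return schemes


def pass_will_work(schemes):
    """login=PASS forwards Basic credentials, so the origin must offer Basic."""
    return "basic" in schemes


def recommend_login(schemes):
    """List the cache_peer login options matching the offered schemes, in order."""
    options = []
    for scheme in schemes:
        opt = LOGIN_FOR_SCHEME.get(scheme)
        if opt and opt not in options:
            options.append(opt)
    return options


# Constructed Squid native-format access.log lines:
# time elapsed client code/status bytes method URL user peerstatus/peer type
SAMPLE_ACCESS_LOG = [
    "1306842000.101 45 10.0.0.5 TCP_MISS/401 373 RPC_OUT_DATA https://mydomain/rpc/rpcproxy.dll? - DEFAULT_PARENT/rdsServer text/plain",
    "1306842001.202 40 10.0.0.5 TCP_MISS/401 373 RPC_OUT_DATA https://mydomain/rpc/rpcproxy.dll? - DEFAULT_PARENT/rdsServer text/plain",
    "1306842001.250 30 10.0.0.9 TCP_MISS/200 2048 GET https://mydomain/rdweb/ - DEFAULT_PARENT/rdsServer text/html",
    "1306842002.303 41 10.0.0.5 TCP_MISS/401 373 RPC_OUT_DATA https://mydomain/rpc/rpcproxy.dll? - DEFAULT_PARENT/rdsServer text/plain",
    "1306842003.404 44 10.0.0.5 TCP_MISS/401 373 RPC_OUT_DATA https://mydomain/rpc/rpcproxy.dll? - DEFAULT_PARENT/rdsServer text/plain",
    "1306842004.505 38 10.0.0.9 TCP_MISS/401 373 RPC_IN_DATA https://mydomain/rpc/rpcproxy.dll? - DEFAULT_PARENT/rdsServer text/plain",
    "1306842005.606 90 10.0.0.9 TCP_MISS/200 512 RPC_IN_DATA https://mydomain/rpc/rpcproxy.dll? user1 DEFAULT_PARENT/rdsServer text/plain",
]


def find_401_loops(log_lines, threshold=3):
    """Return {(client, url): longest run} for clients that received >= threshold
    consecutive 401 replies on the same URL; a non-401 reply resets the run."""
    streak, longest = defaultdict(int), defaultdict(int)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 10:
            continue  # not a native-format line; skip rather than guess
        client, code_status, url = fields[2], fields[3], fields[6]
        key = (client, url)
        if code_status.rsplit('/', 1)[-1] == '401':
            streak[key] += 1
            longest[key] = max(longest[key], streak[key])
        else:
            streak[key] = 0
    return {k: v for k, v in longest.items() if v >= threshold}


if __name__ == "__main__":
    # Constructed challenge as an RD Gateway might send it when only
    # Windows-integrated auth is enabled: no Basic, so login=PASS cannot work.
    offered = parse_www_authenticate(["Negotiate, NTLM"])
    print("origin offers:", offered, "| login=PASS usable:", pass_will_work(offered))
    print("matching options:", recommend_login(offered))
    print("clients looping on 401:", find_401_loops(SAMPLE_ACCESS_LOG))
```

Running the script reports that the constructed origin offers only Negotiate and NTLM, so `login=PASS` cannot succeed and the matching options are `login=NEGOTIATE` or `login=PASSTHRU connection-auth=on`, and that client 10.0.0.5 hit four consecutive 401s on `rpcproxy.dll` while 10.0.0.9 recovered after one. Against a real deployment, feed `parse_www_authenticate` the header values from the origin's own 401 reply (taken directly, not through the proxy) and `find_401_loops` the lines of `/var/log/squid/access.log`.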