Re: [squid-users] EXCHANGE - RPC over HTTPS not handled?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 07 Oct 2011 01:22:48 +1300

On 06/10/11 23:12, Nicola Bucci wrote:
> Thanks for the quick reply. OWA works fine for me... RPC is the problem. Anyway, here is my squid.conf:
>
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl EXCH dstdomain .gmde.it
> acl SSL_ports port 443 # https
> acl SSL_ports port 563 # snews
> acl SSL_ports port 873 # rsync
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 631 # cups
> acl Safe_ports port 873 # rsync
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
>
>
> http_access allow SSL_ports
>
> ssl_unclean_shutdown on
>
> #Allow ICP queries from local networks only
>
> icp_access allow all all
>
> #http_port 3128
>
> ###LISTEN ON ###
> https_port 443 cert=/etc/squid3/exchange.pem key=/etc/squid3/nopassexchange.key defaultsite=gmdeag3.gmde.it
>
> ###CACHE PEER###
> #cache_peer 10.0.0.3 parent 443 0 no-query proxy-only connection-auth=on originserver front-end-https=on login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/etc/squid3/exchange.pem sslkey=/etc/squid3/nopassexchange.key
> #cache_peer 10.0.0.3 parent 443 0 no-query originserver login=PASS ssl sslcert=/etc/squid/exchange.pem sslkey=/etc/squid/nopassexchange.key
> cache_peer 10.0.0.3 parent 443 0 connection-auth=off ssl sslflags=DONT_VERIFY_PEER sslcert=/etc/squid3/exchange.pem sslkey=/etc/squid3/nopassexchange.key proxy-only no-query no-digest front-end-https=on sourcehash round-robin originserver login=PASS name=exchangeServer
>
>
> #We recommend you to use at least the following line.
> hierarchy_stoplist cgi-bin ?
>
> access_log /var/log/squid3/access.log squid
>
> cache_effective_user proxy
> cache_effective_group root
> never_direct allow all all
> miss_access allow EXCH
> miss_access deny all
> cache_peer_access exchangeServer allow EXCH
> cache_peer_access exchangeServer deny all
> never_direct allow EXCH
>
>
> and "squid3 -v":
>
> configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-ssl' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2' --with-squid=/usr/src/squid3-3.1.6
>
>
> Is there something wrong I'm doing?

Maybe. The more recent Squid releases require the mode to be configured
explicitly after the port. Otherwise it defaults to forward-proxy.

   https_port 443 accel cert=...

I think that was done after .6, but it's worth doing anyway just to be ready.

> Or does squid simply not handle RPC over HTTP with Exchange? My goal would be to use squid instead of other commercial products. Obviously :)
> Thanks
>
> On 6Oct, 2011, at 12:06 PM, Jakob Curdes wrote:
>
>> On 06.10.2011 11:58, Nicola Bucci wrote:
>>> Hi all,
>>> I'm trying to publish Exchange web services on the web through squid 3.1 on Debian. From my Mac it works fine (Mail and Outlook for Mac; OWA is working fine too), but from Windows machines Outlook asks me every time for the authentication credentials. The reason is that on the Mac it uses a normal web service (hos/EWS/exchange.asmx), but from Windows Outlook uses RPC over HTTP (in my case HTTPS). Suggestions?
>> http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess ?
>>

Some other possibilities:
  some of the recent MS products (ActiveSync and AD 2010 being the most
noticeable) don't handle talking through squid-3.1 very well, due to its
being HTTP/1.0 on the client-facing side and HTTP/1.1 on the
server-facing side. They prefer the same HTTP version facing both server
and client across the link, so squid-3.2 is needed as the relay for
reliable transactions.
  3.2.0.8 seems to be the most production-usable so far of the 3.2 betas
if you want to try it.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.15
   Beta testers wanted for 3.2.0.12
Received on Thu Oct 06 2011 - 12:23:04 MDT
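Added example (not part of the thread, not Squid project code): a small squid.conf linter that mechanically checks for the pitfalls visible in the configuration above. It flags an https_port/http_port line with no mode keyword (the "add accel" point in the reply; without it Squid runs the port as a forward proxy), a cache_peer using sslflags=DONT_VERIFY_PEER (Squid then does not verify the origin server's certificate), access rules that repeat an ACL name ("allow all all"), and it reports the implicit http_access default, which Squid takes as the opposite of the last http_access line. The embedded SAMPLE_CONF is a constructed excerpt modelled on the posted file; hostnames and paths are copied from the post, the rest of the file is not reproduced.

```python
"""Lint a squid.conf excerpt for reverse-proxy pitfalls (added example)."""

# Constructed excerpt modelled on the squid.conf posted in the thread
# (hostnames and paths copied from the post; not the complete file).
SAMPLE_CONF = """\
acl all src all
acl EXCH dstdomain .gmde.it
http_access allow SSL_ports
icp_access allow all all
https_port 443 cert=/etc/squid3/exchange.pem key=/etc/squid3/nopassexchange.key defaultsite=gmdeag3.gmde.it
cache_peer 10.0.0.3 parent 443 0 connection-auth=off ssl sslflags=DONT_VERIFY_PEER originserver login=PASS name=exchangeServer
never_direct allow all all
miss_access allow EXCH
miss_access deny all
"""

# Mode keywords Squid accepts on a port line; none present means forward proxy.
PORT_MODES = {"accel", "intercept", "tproxy"}

ACCESS_DIRECTIVES = {
    "http_access", "icp_access", "miss_access",
    "never_direct", "always_direct", "cache_peer_access",
}


def parse_conf(text):
    """Return [(line_number, tokens)] for every non-empty, non-comment line."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing '# comment'
        if line:
            out.append((n, line.split()))
    return out


def lint_conf(text):
    """Return findings as (line_number, category, message); line 0 = whole file."""
    findings = []
    last_http_access = None
    for n, tok in parse_conf(text):
        d = tok[0]
        if d in ("http_port", "https_port") and len(tok) > 1:
            if not PORT_MODES & set(tok[2:]):
                findings.append((n, "port-mode",
                    f"{d} {tok[1]} has no mode keyword: it runs as a forward "
                    f"proxy; add 'accel' to reverse-proxy an origin server"))
        elif d == "cache_peer" and len(tok) > 1:
            if "sslflags=DONT_VERIFY_PEER" in tok:
                findings.append((n, "peer-tls",
                    f"cache_peer {tok[1]}: origin certificate is not verified, "
                    f"so the Squid-to-origin leg can be intercepted"))
        elif d in ACCESS_DIRECTIVES and len(tok) > 2:
            # cache_peer_access carries the peer name before allow/deny
            acls = tok[3:] if d == "cache_peer_access" else tok[2:]
            if len(acls) != len(set(acls)):
                findings.append((n, "dup-acl",
                    f"{d}: ACL list repeats a name ({' '.join(acls)})"))
            if d == "http_access":
                last_http_access = tok[1]
    if last_http_access is not None:
        # Squid: if no http_access line matches, the default is the
        # opposite of the last http_access line.
        implicit = "denied" if last_http_access == "allow" else "allowed"
        findings.append((0, "implicit-default",
            f"requests matching no http_access line are {implicit} "
            f"(opposite of the last http_access rule, '{last_http_access}')"))
    return findings


if __name__ == "__main__":
    for line, cat, msg in lint_conf(SAMPLE_CONF):
        where = f"line {line}" if line else "file"
        print(f"[{cat}] {where}: {msg}")
```

Run it against a real squid.conf by replacing SAMPLE_CONF with the file contents; the checks are lexical only, so a line that Squid itself would reject still needs `squid3 -k parse`.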
