RE: [squid-users] Need help to configure MS Exchange RPC over HTTP

From: Ruiyuan Jiang <RJiang_at_fnpc.com>
Date: Thu, 24 May 2012 10:37:13 -0400

Thanks for the reply, Clem.

We use NTLM for authentication. We may be able to enable HTTP authentication for the virtual directory (/rpc), but we may not be able to do that for the whole Exchange since some other programs use NTLM auth.

After I posted the message, I compared my Apache reverse proxy server log for MS RPC and Squid's log for MS RPC. I noticed the messages are the same (HTTP codes 200 and 401). I used a very old Apache for that since newer Apache does not support MS RPC over HTTP.

Ruiyuan Jiang

-----Original Message-----
From: Clem [mailto:clemfree_at_free.fr]
Sent: Thursday, May 24, 2012 1:47 AM
To: Ruiyuan Jiang
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Need help to configure MS Exchange RPC over HTTP

Hello Ruiyuan,

Which auth have you set in your Outlook Anywhere setting? Squid works
fine with Basic but has big trouble with NTLM.

regards

Clem

On 23/05/2012 22:38, Ruiyuan Jiang wrote:
> Hi, when I tried to test accessing the MS Exchange server, Outlook just kept prompting for the user name and password without luck. Here is the message from Squid's access.log from the test:
>
> 1337803935.354 6 207.46.14.62 TCP_MISS/200 294 RPC_IN_DATA https://webmail.juicycouture.com/Rpc/RpcProxy.dll - PINNED/exchangeServer application/rpc
> 1337803937.876 6 207.46.14.62 TCP_MISS/401 666 RPC_IN_DATA https://webmail.juicycouture.com/rpc/rpcproxy.dll? - FIRST_UP_PARENT/exchangeServer text/html
> 1337803937.965 11 207.46.14.62 TCP_MISS/401 389 RPC_IN_DATA https://webmail.juicycouture.com/rpc/rpcproxy.dll? - FIRST_UP_PARENT/exchangeServer text/html
> 1337803938.144 6 207.46.14.62 TCP_MISS/401 666 RPC_OUT_DATA https://webmail.juicycouture.com/rpc/rpcproxy.dll? - FIRST_UP_PARENT/exchangeServer text/html
> 1337803938.229 6 207.46.14.62 TCP_MISS/401 389 RPC_OUT_DATA https://webmail.juicycouture.com/rpc/rpcproxy.dll? - FIRST_UP_PARENT/exchangeServer text/html
>
>
> Here is my squid.conf for the test:
>
> https_port 156.146.2.196:443 accel cert=/opt/squid-3.1.19/ssl.crt/webmail_juicycouture_com.crt key=/opt/squid-3.1.19/ssl.crt/webmail_juicycouture_com.key cafile=/opt/apache2.2.21/conf/ssl.crt/DigiCertCA.crt defaultsite=webmail.juicycouture.com
>
> cache_peer internal_ex_serv parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN name=exchangeServer
>
> acl EXCH dstdomain .juicycouture.com
>
> cache_peer_access exchangeServer allow EXCH
> cache_peer_access exchangeServer deny all
> never_direct allow EXCH
>
> http_access allow EXCH
> http_access deny all
> miss_access allow EXCH
> miss_access deny all
>
>
> Where did I go wrong? I also tried a different squid.conf (basically removed all the ACLs) but got the same message in access.log:
>
> https_port 156.146.2.196:443 accel cert=/opt/squid-3.1.19/ssl.crt/webmail_juicycouture_com.crt key=/opt/squid-3.1.19/ssl.crt/webmail_juicycouture_com.key cafile=/opt/apache2.2.21/conf/ssl.crt/DigiCertCA.crt defaultsite=webmail.juicycouture.com
>
> cache_peer internal_ex_serv parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN name=exchangeServer
>
> cache_peer_access exchangeServer allow all
>
> http_access allow all
> miss_access allow all
>
> Thanks.
>
> Ryan Jiang
>
>
>
> This message (including any attachments) is intended
> solely for the specific individual(s) or entity(ies) named
> above, and may contain legally privileged and
> confidential information. If you are not the intended
> recipient, please notify the sender immediately by
> replying to this message and then delete it.
> Any disclosure, copying, or distribution of this message,
> or the taking of any action based on it, by other than the
> intended recipient, is strictly prohibited.
>
>

Received on Thu May 24 2012 - 14:37:25 MDT
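
A triage script for the access.log excerpt quoted in this thread, added here as an example and not code from either poster or from the Squid project: it parses Squid's native log format and lists each client/method pair whose requests end in repeated 401 responses, which is what the excerpt shows for both RPC_IN_DATA and RPC_OUT_DATA. The function names and the min_401 threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# access.log lines copied from the thread (mail quoting kept) plus one constructed junk line.
SAMPLE_LOG = """\
> 1337803935.354 6 207.46.14.62 TCP_MISS/200 294 RPC_IN_DATA https://webmail.juicycouture.com/Rpc/RpcProxy.dll - PINNED/exchangeServer application/rpc
> 1337803937.876 6 207.46.14.62 TCP_MISS/401 666 RPC_IN_DATA https://webmail.juicycouture.com/rpc/rpcproxy.dll? - FIRST_UP_PARENT/exchangeServer text/html
> 1337803937.965 11 207.46.14.62 TCP_MISS/401 389 RPC_IN_DATA https://webmail.juicycouture.com/rpc/rpcproxy.dll? - FIRST_UP_PARENT/exchangeServer text/html
> 1337803938.144 6 207.46.14.62 TCP_MISS/401 666 RPC_OUT_DATA https://webmail.juicycouture.com/rpc/rpcproxy.dll? - FIRST_UP_PARENT/exchangeServer text/html
> 1337803938.229 6 207.46.14.62 TCP_MISS/401 389 RPC_OUT_DATA https://webmail.juicycouture.com/rpc/rpcproxy.dll? - FIRST_UP_PARENT/exchangeServer text/html
> (constructed) this line is not a log entry and must be skipped
"""

# Squid native format: time elapsed client result/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<result>[A-Z_]+)/(?P<status>\d{3})"
    r"\s+(?P<size>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)"
    r"\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

def parse(text):
    """Return one dict per well-formed log line; leading mail quoting ('> ') is stripped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.lstrip("> ").strip())
        if m:
            entries.append({**m.groupdict(), "ts": float(m["ts"]), "status": int(m["status"])})
    return entries

def auth_summary(entries):
    """Per (client, method): request count, 401 count, PINNED count, and whether the last reply was 401."""
    out = defaultdict(lambda: {"total": 0, "401": 0, "pinned": 0, "ends_in_401": False})
    for e in sorted(entries, key=lambda e: e["ts"]):
        s = out[(e["client"], e["method"])]
        s["total"] += 1
        s["401"] += e["status"] == 401
        s["pinned"] += e["hier"] == "PINNED"  # request sent on a server connection pinned to the client
        s["ends_in_401"] = e["status"] == 401
    return dict(out)

def stuck_handshakes(entries, min_401=2):
    """Client/method pairs with at least min_401 challenges and no later non-401 reply."""
    return sorted(k for k, s in auth_summary(entries).items() if s["ends_in_401"] and s["401"] >= min_401)

if __name__ == "__main__":
    for client, method in stuck_handshakes(parse(SAMPLE_LOG)):
        print(f"{client} {method}: repeated 401 with no successful reply afterwards")
```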

This archive was generated by hypermail 2.2.0 : Thu May 24 2012 - 12:00:05 MDT