Thanks for the hint, but unfortunately, we tried that, and although I did not check exactly what string the reverse proxy sent back to the real server, but the authentication was still refused. This had also wored with the others unfortunately :-\
Steve Johnson
Todd Reed wrote:
Not sure, but instead of using the domain\user, try using user@domain. That is what we tell our users to use and it seems to work. We are using OWA with form-based login...not HTTP_AUTH. We do this because our SSO connector does not support HTTP Autentication.
I wonder if it is something in the passing of the \ that causes it. I don't know.
I don't know if it will help, but it is something easy to try.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Steve Johnson Sent: Thursday, January 05, 2006 2:43 PM To: centos@centos.org Subject: [CentOS] Apache reverse proxy authentication problem on RHEL based distribs only
Hi,
I'm currently setting up an Apache SSL reverse proxy for Exchange 2003 Outlook Web Access. The setup that I have works fine on my Gentoo laptop
or on a Trustix server, however, when I try to set it up on an RHEL based distro, with the exact same virtual host settings, I get some weird error with the authentication mechanism. I have tried with both CentOS 4.2, based off the server CD and Whitebox 4 and I get the same result.
We did a network trace off the Exchange server, and noticed we noticed what is the problem, but can't figure out why only the configuration from those distros are causing it. When getting the HTTP authentication prompt from the Apache front-end, I enter "domain\user" for the user, but the Apache front-end only sends back part of the authentication string to the exchange. As an example, "domain\user" would only send back "d\u" to the Exchange server. This does not happen at all with the other distributions, as I get the full "domain\user" string sent back to
the Exchange.
Does anyone have any idea as to what could be causing this, and how I might go about fixing it? All our environment consists of the same distribution and I would prefer not to introduce a different one just for this purpose.
Here is my virtual host configuration for this:
==================================
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerName testproxy.domain.com
SSLEngine On SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
RequestHeader set Front-End-Https "On"
ProxyRequests Off ProxyPreserveHost On
LogLevel debug
<Location /exchange> ProxyPass http://yyy.yyy.yyy.yyy/exchange ProxyPassReverse http://yyy.yyy.yyy.yyy/exchange SSLRequireSSL
</Location>
<Location /exchweb> ProxyPass http://yyy.yyy.yyy.yyy/exchweb ProxyPassReverse http://yyy.yyy.yyy.yyy/exchweb SSLRequireSSL
</Location>
<Location /public> ProxyPass http://yyy.yyy.yyy.yyy/public ProxyPassReverse http://yyy.yyy.yyy.yyy/public SSLRequireSSL
</Location> </VirtualHost> ==================================
Any information will be appreciated.
Thanks, Steve Johnson
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos