[CentOS] Apache reverse proxy authentication problem on RHEL based distribs only
Steve Johnson
maillist at sjohnson.info
Thu Jan 5 21:19:25 UTC 2006
Thanks for the hint, but unfortunately, we tried that, and although I
did not check exactly what string the reverse proxy sent back to the
real server, but the authentication was still refused. This had also
wored with the others unfortunately :-\
Steve Johnson
Todd Reed wrote:
> Not sure, but instead of using the domain\user, try using user at domain.
> That is what we tell our users to use and it seems to work. We are
> using OWA with form-based login...not HTTP_AUTH. We do this because our
> SSO connector does not support HTTP Autentication.
>
> I wonder if it is something in the passing of the \ that causes it. I
> don't know.
>
> I don't know if it will help, but it is something easy to try.
>
>
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Steve Johnson
> Sent: Thursday, January 05, 2006 2:43 PM
> To: centos at centos.org
> Subject: [CentOS] Apache reverse proxy authentication problem on RHEL
> based distribs only
>
> Hi,
>
> I'm currently setting up an Apache SSL reverse proxy for Exchange 2003
> Outlook Web Access. The setup that I have works fine on my Gentoo laptop
>
> or on a Trustix server, however, when I try to set it up on an RHEL
> based distro, with the exact same virtual host settings, I get some
> weird error with the authentication mechanism. I have tried with both
> CentOS 4.2, based off the server CD and Whitebox 4 and I get the same
> result.
>
> We did a network trace off the Exchange server, and noticed we noticed
> what is the problem, but can't figure out why only the configuration
> from those distros are causing it. When getting the HTTP authentication
> prompt from the Apache front-end, I enter "domain\user" for the user,
> but the Apache front-end only sends back part of the authentication
> string to the exchange. As an example, "domain\user" would only send
> back "d\u" to the Exchange server. This does not happen at all with the
> other distributions, as I get the full "domain\user" string sent back to
>
> the Exchange.
>
> Does anyone have any idea as to what could be causing this, and how I
> might go about fixing it? All our environment consists of the same
> distribution and I would prefer not to introduce a different one just
> for this purpose.
>
> Here is my virtual host configuration for this:
>
> ==================================
> <VirtualHost xxx.xxx.xxx.xxx:443>
>
> ServerName testproxy.domain.com
>
> SSLEngine On
> SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
>
> RequestHeader set Front-End-Https "On"
>
> ProxyRequests Off
> ProxyPreserveHost On
>
> LogLevel debug
>
> <Location /exchange>
> ProxyPass http://yyy.yyy.yyy.yyy/exchange
> ProxyPassReverse http://yyy.yyy.yyy.yyy/exchange
> SSLRequireSSL
> </Location>
>
> <Location /exchweb>
> ProxyPass http://yyy.yyy.yyy.yyy/exchweb
> ProxyPassReverse http://yyy.yyy.yyy.yyy/exchweb
> SSLRequireSSL
> </Location>
>
> <Location /public>
> ProxyPass http://yyy.yyy.yyy.yyy/public
> ProxyPassReverse http://yyy.yyy.yyy.yyy/public
> SSLRequireSSL
> </Location>
> </VirtualHost>
> ==================================
>
> Any information will be appreciated.
>
> Thanks,
> Steve Johnson
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
More information about the CentOS
mailing list