[CentOS] Apache reverse proxy authentication problem on RHEL based distribs only

Steve Johnson maillist at sjohnson.info
Thu Jan 5 21:19:25 UTC 2006


Thanks for the hint, but unfortunately, we tried that, and although I 
did not check exactly what string the reverse proxy sent back to the 
real server, but the authentication was still refused. This had also 
wored with the others unfortunately :-\

Steve Johnson

Todd Reed wrote:
> Not sure, but instead of using the domain\user, try using user at domain.
> That is what we tell our users to use and it seems to work.  We are
> using OWA with form-based login...not HTTP_AUTH.  We do this because our
> SSO connector does not support HTTP Autentication.  
> 
> I wonder if it is something in the passing of the \ that causes it.  I
> don't know.
> 
> I don't know if it will help, but it is something easy to try.
> 
> 
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Steve Johnson
> Sent: Thursday, January 05, 2006 2:43 PM
> To: centos at centos.org
> Subject: [CentOS] Apache reverse proxy authentication problem on RHEL
> based distribs only
> 
> Hi,
> 
> I'm currently setting up an Apache SSL reverse proxy for Exchange 2003 
> Outlook Web Access. The setup that I have works fine on my Gentoo laptop
> 
> or on a Trustix server, however, when I try to set it up on an RHEL 
> based distro, with the exact same virtual host settings, I get some 
> weird error with the authentication mechanism. I have tried with both 
> CentOS 4.2, based off the server CD and Whitebox 4 and I get the same 
> result.
> 
> We did a network trace off the Exchange server, and noticed we noticed 
> what is the problem, but can't figure out why only the configuration 
> from those distros are causing it. When getting the HTTP authentication 
> prompt from the Apache front-end, I enter "domain\user" for the user, 
> but the Apache front-end only sends back part of the authentication 
> string to the exchange. As an example, "domain\user" would only send 
> back "d\u" to the Exchange server. This does not happen at all with the 
> other distributions, as I get the full "domain\user" string sent back to
> 
> the Exchange.
> 
> Does anyone have any idea as to what could be causing this, and how I 
> might go about fixing it? All our environment consists of the same 
> distribution and I would prefer not to introduce a different one just 
> for this purpose.
> 
> Here is my virtual host configuration for this:
> 
> ==================================
> <VirtualHost xxx.xxx.xxx.xxx:443>
> 
>    ServerName testproxy.domain.com
> 
>    SSLEngine On
>    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
>    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
> 
>    RequestHeader set Front-End-Https "On"
> 
>    ProxyRequests Off
>    ProxyPreserveHost On
> 
>    LogLevel debug
> 
>    <Location /exchange>
>      ProxyPass http://yyy.yyy.yyy.yyy/exchange
>      ProxyPassReverse http://yyy.yyy.yyy.yyy/exchange
>      SSLRequireSSL
>    </Location>
> 
>    <Location /exchweb>
>      ProxyPass http://yyy.yyy.yyy.yyy/exchweb
>      ProxyPassReverse http://yyy.yyy.yyy.yyy/exchweb
>      SSLRequireSSL
>    </Location>
> 
>    <Location /public>
>      ProxyPass http://yyy.yyy.yyy.yyy/public
>      ProxyPassReverse http://yyy.yyy.yyy.yyy/public
>      SSLRequireSSL
>    </Location>
> </VirtualHost>
> ==================================
> 
> Any information will be appreciated.
> 
> Thanks,
> Steve Johnson
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos




More information about the CentOS mailing list