[CentOS] Apache reverse proxy authentication problem on RHEL based distribs only

Thu Jan 5 21:15:54 UTC 2006
Todd Reed <treed at astate.edu>

Not sure, but instead of using the domain\user, try using user at domain.
That is what we tell our users to use and it seems to work.  We are
using OWA with form-based login...not HTTP_AUTH.  We do this because our
SSO connector does not support HTTP Autentication.  

I wonder if it is something in the passing of the \ that causes it.  I
don't know.

I don't know if it will help, but it is something easy to try.

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Steve Johnson
Sent: Thursday, January 05, 2006 2:43 PM
To: centos at centos.org
Subject: [CentOS] Apache reverse proxy authentication problem on RHEL
based distribs only


I'm currently setting up an Apache SSL reverse proxy for Exchange 2003 
Outlook Web Access. The setup that I have works fine on my Gentoo laptop

or on a Trustix server, however, when I try to set it up on an RHEL 
based distro, with the exact same virtual host settings, I get some 
weird error with the authentication mechanism. I have tried with both 
CentOS 4.2, based off the server CD and Whitebox 4 and I get the same 

We did a network trace off the Exchange server, and noticed we noticed 
what is the problem, but can't figure out why only the configuration 
from those distros are causing it. When getting the HTTP authentication 
prompt from the Apache front-end, I enter "domain\user" for the user, 
but the Apache front-end only sends back part of the authentication 
string to the exchange. As an example, "domain\user" would only send 
back "d\u" to the Exchange server. This does not happen at all with the 
other distributions, as I get the full "domain\user" string sent back to

the Exchange.

Does anyone have any idea as to what could be causing this, and how I 
might go about fixing it? All our environment consists of the same 
distribution and I would prefer not to introduce a different one just 
for this purpose.

Here is my virtual host configuration for this:

<VirtualHost xxx.xxx.xxx.xxx:443>

   ServerName testproxy.domain.com

   SSLEngine On
   SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

   RequestHeader set Front-End-Https "On"

   ProxyRequests Off
   ProxyPreserveHost On

   LogLevel debug

   <Location /exchange>
     ProxyPass http://yyy.yyy.yyy.yyy/exchange
     ProxyPassReverse http://yyy.yyy.yyy.yyy/exchange

   <Location /exchweb>
     ProxyPass http://yyy.yyy.yyy.yyy/exchweb
     ProxyPassReverse http://yyy.yyy.yyy.yyy/exchweb

   <Location /public>
     ProxyPass http://yyy.yyy.yyy.yyy/public
     ProxyPassReverse http://yyy.yyy.yyy.yyy/public

Any information will be appreciated.

Steve Johnson

CentOS mailing list
CentOS at centos.org