Steve Johnson
2006-Jan-05 20:43 UTC
[CentOS] Apache reverse proxy authentication problem on RHEL based distribs only
Hi, I'm currently setting up an Apache SSL reverse proxy for Exchange 2003 Outlook Web Access. The setup that I have works fine on my Gentoo laptop or on a Trustix server, however, when I try to set it up on an RHEL based distro, with the exact same virtual host settings, I get some weird error with the authentication mechanism. I have tried with both CentOS 4.2, based off the server CD and Whitebox 4 and I get the same result. We did a network trace off the Exchange server, and noticed we noticed what is the problem, but can't figure out why only the configuration from those distros are causing it. When getting the HTTP authentication prompt from the Apache front-end, I enter "domain\user" for the user, but the Apache front-end only sends back part of the authentication string to the exchange. As an example, "domain\user" would only send back "d\u" to the Exchange server. This does not happen at all with the other distributions, as I get the full "domain\user" string sent back to the Exchange. Does anyone have any idea as to what could be causing this, and how I might go about fixing it? All our environment consists of the same distribution and I would prefer not to introduce a different one just for this purpose. Here is my virtual host configuration for this: =================================<VirtualHost xxx.xxx.xxx.xxx:443> ServerName testproxy.domain.com SSLEngine On SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key RequestHeader set Front-End-Https "On" ProxyRequests Off ProxyPreserveHost On LogLevel debug <Location /exchange> ProxyPass http://yyy.yyy.yyy.yyy/exchange ProxyPassReverse http://yyy.yyy.yyy.yyy/exchange SSLRequireSSL </Location> <Location /exchweb> ProxyPass http://yyy.yyy.yyy.yyy/exchweb ProxyPassReverse http://yyy.yyy.yyy.yyy/exchweb SSLRequireSSL </Location> <Location /public> ProxyPass http://yyy.yyy.yyy.yyy/public ProxyPassReverse http://yyy.yyy.yyy.yyy/public SSLRequireSSL </Location> </VirtualHost> ================================= Any information will be appreciated. Thanks, Steve Johnson
Todd Reed
2006-Jan-05 21:15 UTC
[CentOS] Apache reverse proxy authentication problem on RHEL based distribs only
Not sure, but instead of using the domain\user, try using user at domain. That is what we tell our users to use and it seems to work. We are using OWA with form-based login...not HTTP_AUTH. We do this because our SSO connector does not support HTTP Autentication. I wonder if it is something in the passing of the \ that causes it. I don't know. I don't know if it will help, but it is something easy to try. -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Steve Johnson Sent: Thursday, January 05, 2006 2:43 PM To: centos at centos.org Subject: [CentOS] Apache reverse proxy authentication problem on RHEL based distribs only Hi, I'm currently setting up an Apache SSL reverse proxy for Exchange 2003 Outlook Web Access. The setup that I have works fine on my Gentoo laptop or on a Trustix server, however, when I try to set it up on an RHEL based distro, with the exact same virtual host settings, I get some weird error with the authentication mechanism. I have tried with both CentOS 4.2, based off the server CD and Whitebox 4 and I get the same result. We did a network trace off the Exchange server, and noticed we noticed what is the problem, but can't figure out why only the configuration from those distros are causing it. When getting the HTTP authentication prompt from the Apache front-end, I enter "domain\user" for the user, but the Apache front-end only sends back part of the authentication string to the exchange. As an example, "domain\user" would only send back "d\u" to the Exchange server. This does not happen at all with the other distributions, as I get the full "domain\user" string sent back to the Exchange. Does anyone have any idea as to what could be causing this, and how I might go about fixing it? All our environment consists of the same distribution and I would prefer not to introduce a different one just for this purpose. Here is my virtual host configuration for this: =================================<VirtualHost xxx.xxx.xxx.xxx:443> ServerName testproxy.domain.com SSLEngine On SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key RequestHeader set Front-End-Https "On" ProxyRequests Off ProxyPreserveHost On LogLevel debug <Location /exchange> ProxyPass http://yyy.yyy.yyy.yyy/exchange ProxyPassReverse http://yyy.yyy.yyy.yyy/exchange SSLRequireSSL </Location> <Location /exchweb> ProxyPass http://yyy.yyy.yyy.yyy/exchweb ProxyPassReverse http://yyy.yyy.yyy.yyy/exchweb SSLRequireSSL </Location> <Location /public> ProxyPass http://yyy.yyy.yyy.yyy/public ProxyPassReverse http://yyy.yyy.yyy.yyy/public SSLRequireSSL </Location> </VirtualHost> ================================= Any information will be appreciated. Thanks, Steve Johnson _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
Apparently Analagous Threads
- [PATCH server] oVirt server single network installer
- How to Auto Add forward slash "/" when accessing a link/url through ProxyPass
- Question about replacing the web interface with an audio stream
- problem apache proxy reverse
- Can''t seem to get rewrite rules to work with Apache