Re: [squid-users] Squid3 and Exchange 2003 Web Access

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 25 May 2011 20:59:23 +1200

On 19/05/11 11:14, Eliezer Croitoru wrote:
> On 18/05/2011 20:24, Stefanos Vizikidis wrote:
>
>> I am running version 3.1.11.
>>
> well if you have a squid proxy that is not using any auth methods but
> only basic ACLS and specific domain\ip no caching options..
> it should be weird.
> on what port and what protocol this exchange server working?
> SSL?
> 443?
> other?
> it can might be some cookies problem so you can take a naked squid on
> let say ubuntu .. stable one from ubutnu releases 2.7 or 3 and make sure
> it works with them.
> (proxy only without caching.. )
> i dont have an exchange server that i can try it on but if you wish to
> send me an account and server i will try to use my squid if you want.
> also we will benefit if one of the squid-users have exchange server and
> can help us with it.
>
> Eliezer
>
>> On Wed, May 18, 2011 at 8:22 PM, Chad Naugle wrote:
>>> What version of Squid3 are you using? Because 3.1.X has a feature
>>> called "connection pinning" that is required for web-based NTLM
>>> authentication to a website, which is separate from the proxy auth.
>>>
>>>>>> Stefanos Vizikidis 5/18/2011 12:59 PM
>>> I tried reaching the same Outlook Web Access from outside of the
>>> netwrok through a Squid with no authentication at all and i get the
>>> same results, so i assume that ntlm authentication is not the case.
>>>
>>> I don't know if i am not really into the point. Correct me if
>>> disabling ntlm auth will do something else besides what i describe
>>> above.
>>>
>>>
>>> On Wed, May 18, 2011 at 12:01 PM, Eliezer Croitoru wrote:
>>>> disable the NTLM auth for the exchange and local servers..
>>>>
>>>> if they are protected with passwords already and they are
>>> internal\specific
>>>> use you can disable for these servers
>>>> the need for squid AUTHENTICATION.
>>>>
>>>>
>>>> On 18/05/2011 11:05, Stefanos Vizikidis wrote:
>>>>
>>>>> Hi!
>>>>>
>>>>> I have recently set up a Squid3 using also Kerberos and NTLM
>>>>> authentication for integration with Active Directory Services.
>>>>> My only problem is that the users cannot access the Outlook Web
>>>>> Access. They get two different login windows and then an Error
>>> Access
>>>>> Denied.
>>>>> I have seen that a lot of people have the same issue but i cannot
>>> find
>>>>> a solution as Exchange 2003 is rather old.
>>>>> Any help will be good.
>>>>> If anything needed from the logs i would be glad to post it.
>>>>>
>>>>> Thanks in advance.
>>>>

Check that your config matches the example one (we know that works):
   http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
   http://wiki.squid-cache.org/ConfigExamples/Reverse/ExchangeRpc

OWA and Exchange are very sensitive about connection details passed on,
so deviation in the cache_peer from the carefully checked example steps
is known to cause issues.

  One particularly big *MUST* is that the OWA/Exchange config follows
the reverse-proxy rule of placement near the top of the config file. At
worst, above any other http_access lines.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.7 and 3.1.12.1
Received on Wed May 25 2011 - 08:59:30 MDT

This archive was generated by hypermail 2.2.0 : Wed May 25 2011 - 12:00:03 MDT