Apache Proxy/Loadbalancer for Microsoft Lync/Sharepoint (authentication issue).

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
I'm trying to get Apache to work as a proxy/loadbalancer for Microsoft Lync/Sharepoint in order to replace Microsoft's TMG.
It seems like things are going wrong with the authentication part. For some reason Apache is not passing the credentials through correctly.
I do get a login-box. But when I enter my credentials I end up with a 401 "Unauthorized: ..." error.
I've tried both with and without the "proxy-chain-auth" setting but it has no effect.
I've also tried doing authentication on the proxy against the Active Directory (both with LDAP and NTLM) but then I first get the Apache login promt (which succeeds) and then I get a second login promt which fails.
Am I missing something or is this just not possible with Apache on Linux? Hopefully someone can help me out here...
Apache is running on a "Redhat Linux 6" machine with it's default apache (2.2.15). And the application servers are either Lync or Sharepoint servers running Windows 2013. 

This is my configuration:
---
<VirtualHost XXX.XXX.XXX.XXX:443>
	LogLevel Debug
        ServerName lyncweb.domain.com
	ServerAlias lyncdiscover.domain.com meet.domain.com dialin.domain.com
        ProxyRequests off
	ProxyReceiveBufferSize 4096
	SSLProxyEngine on
Header add Set-Cookie "MS-WSMAN=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED 

        <Proxy balancer://lync>
BalancerMember https://XXX.XXX.XXX.XXX:4443 route=node1 connectiontimeout=300000 timeout=300000 BalancerMember https://XXX.XXX.XXX.XXX:4443 route=node2 connectiontimeout=300000 timeout=300000 

                ProxySet lbmethod=byrequests
		ProxySet stickysession=MS-WSMAN
		SetEnv force-proxy-request-1.0 1
		SetEnv proxy-nokeepalive 1
		SetEnv proxy-chain-auth On
		RequestHeader unset Expect early
        </Proxy>

	KeepAlive On
	SetEnv proxy-chain-auth On
	ProxyPreserveHost On
        ProxyPass /balancer-manager !
        ProxyPass / balancer://lync/
        ProxyPassReverse / balancer://lync/

	SSLEngine on
	SSLCertificateFile /etc/pki/tls/certs/lync.crt
	SSLCertificateKeyFile /etc/pki/tls/private/lync.key
</VirtualHost>
---

Thanks,
Marco.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux