Not having a dig at you but I'm going round in circle here - has noone ever done this successfully before? Microsoft IAS is heavy, unwieldy and unfriendly so we chose to use Squid to act as reverse proxy for limited remote access to various MS Sharepoint sites (applications as they like to call them). After a lot of reading, it seemed sensible to run on latest linux and squid and use ntlm for authentication - it all points that way out there on the net. I then find that ntlm is not supported in 3.0 so built and earlier version and now today, get the info that we shouldn't authenticate on squid anyway as we should hand-off through to sharepoint servers. Set this up and find that squid 2.7 does not support http 1.1 - aggghhhhhhhhhh. login=PASS does hand off to sharepoint OK - however, sharepoint returns everything under http 1.1 with "objectmoved" - new target does not get replaced with external url for the site so external access suddenly finds itself pointing somewhere strange. If I ever get this working, I might write a book and make a fortune :) or maybe not because if people wanted it, someone would have written it already. Henrik, you seem to be the guru - what do you advise??? Henrik Nordstrom-5 wrote: > > On tor, 2008-07-10 at 09:18 -0700, afstcklnd wrote: >> Having removed all http_access accept the ntlm users bit, authorisation >> process goes through OK, however, the security token is not getting >> through >> to sharepoint. Squid debug shows the GET followed by a reply with >> "Unauthorised" from the sharepoint server. > > Maybe this: > > "Access to password protected content fails via the reverse proxy" > http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-c59962b21bb8e2a437beb149bcce3190ee1c03fd > > > Regarding authentication, it's generally a bad idea to use > authentication both at the reverse proxy and the web server. There is > only one slot fror "web server authentication" in HTTP and things can > get a bit confusing if you have two servers using that same slot at the > same time... > > > Regards > Henrik > > > -- View this message in context: http://www.nabble.com/Reverse-proxy-to-Sharepoint-tp17909397p18394067.html Sent from the Squid - Users mailing list archive at Nabble.com.
