Basic authentication does not work here, I don't know why.

Can you elaborate on the 'login=NEGOTIATE'? I read about it in the config
manual but it's not so clear:

    login=NEGOTIATE
    If this is a personal/workgroup proxy and your parent requires a
    secure proxy authentication. The first principal from the default
    keytab or defined by the environment variable KRB5_KTNAME will be used.

What is principal in this case? What is the default keytab?

On Tue, May 31, 2011 at 5:57 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 01/06/11 01:26, Ori Besser wrote:
>>
>> Hello,
>> I am trying to use squid as a reverse proxy to a Remote Desktop
>> Gateway server (part of MS Win Server 2008 R2 Remote Desktop Services)
>> with no success, I am just getting the login prompt over and over
>> again and in the access log: TCP_MISS/401 373 RPC_OUT_DATA
>> https://mydomain/rpc/rpcproxy.dll? - DEFAULT_PARENT/rdsServer
>> text/plain.
>>
>> I am using Squid Cache: Version 3.2.0.8 and this is my squid.conf:
>>
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32 ::1
>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
>> acl localnet src 10.0.0.0/8
>> acl SSL_ports port 443
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>>
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access allow localnet
>> http_access allow localhost
>>
>> hierarchy_stoplist cgi-bin ?
>>
>> cache_dir ufs /var/cache/squid 1024 16 256
>>
>> cache_effective_user proxy
>> access_log /var/log/squid/access.log
>> cache_log /var/log/squid/cache.log
>> cache_store_log /var/log/squid/store.log
>
> store.log is rarely useful and wastes a lot of Disk IO. You can erase this
> line to gain a bit of speed.
>
>> coredump_dir /var/cache
>>
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>> refresh_pattern . 0 20% 4320
>>
>> https_port 443 cert=/etc/squid/certs/x.crt key=/etc/squid/certs/x.key accel defaultsite=my_external_domain_name
>> cache_peer ip_of_rd_gateway parent 443 0 no-query originserver login=PASS connection-auth=on ssl name=rdsServer default
>>
>> acl RDS dstdomain my_external_domain_name
>> cache_peer_access rdsServer allow RDS
>> cache_peer_access rdsServer deny all
>> http_access allow RDS
>> http_access deny all
>> miss_access allow RDS
>> miss_access deny all
>>
>>
>> The certificate is OK, I have no issues connecting to the rd web
>> access site and even authenticate on it, just when a connection is
>> attempted to the rd gateway I am getting the login prompts.
>>
>> Does anyone know about some magic that can solve this?
>>
>> Thanks.
>
> http://wiki.squid-cache.org/ConfigExamples/Reverse/ExchngeRpc
>
> * login=PASS uses Basic auth protocol. Check that Exchange is configured to
> match.
>
> NP: for something more secure 3.2 can do login=NEGOTIATE for Kerberos.
>
>
> You may also be able to use "login=PASSTHRU connection-auth=on", but we have
> not checked that yet with Exchange.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.12
> Beta testers wanted for 3.2.0.8 and 3.1.12.2
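An added example, not part of the original thread and not Squid's own code: a Python check over Squid's native access.log format that finds the symptom reported above, a client whose requests are answered 401 by the parent peer again and again and never accepted. It skips replies generated by Squid itself and ignores clients that see a few 401 challenges before a success, as happens with challenge-response schemes such as NTLM. The sample lines, client addresses and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Squid native access.log fields:
# time elapsed client code/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<type>\S+)$"
)

def parse_line(line):
    """Parse one native-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def upstream_auth_loops(lines, threshold=3):
    """Map (client, peer, url) -> number of 401s relayed from a peer, for keys
    with at least `threshold` rejections and no other status from that peer."""
    rejected, answered = defaultdict(int), set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["hier"] in ("NONE", "HIER_NONE"):
            continue  # unparsable, or answered by Squid itself, not by a peer
        key = (rec["client"], rec["peer"], rec["url"])
        if rec["status"] == "401":
            rejected[key] += 1
        else:
            answered.add(key)
    return {k: n for k, n in rejected.items() if n >= threshold and k not in answered}

# Constructed sample: only the TCP_MISS/401 ... DEFAULT_PARENT/rdsServer shape is
# from the thread; addresses, timestamps and the remaining lines are made up.
RPC = "RPC_OUT_DATA https://mydomain/rpc/rpcproxy.dll? - DEFAULT_PARENT/rdsServer"
SAMPLE = [
    f"1306850000.101 12 203.0.113.7 TCP_MISS/401 373 {RPC} text/plain",
    f"1306850001.220 9 203.0.113.7 TCP_MISS/401 373 {RPC} text/plain",
    f"1306850001.900 11 198.51.100.4 TCP_MISS/401 373 {RPC} text/plain",
    f"1306850002.310 10 203.0.113.7 TCP_MISS/401 373 {RPC} text/plain",
    f"1306850002.750 14 198.51.100.4 TCP_MISS/401 512 {RPC} text/plain",
    f"1306850003.020 95 198.51.100.4 TCP_MISS/200 2048 {RPC} application/rpc",
    f"1306850003.480 8 203.0.113.7 TCP_MISS/401 373 {RPC} text/plain",
    "1306850004.000 1 192.0.2.9 TCP_DENIED/403 1200 GET https://other/ - HIER_NONE/- text/html",
]

if __name__ == "__main__":
    for (client, peer, url), n in upstream_auth_loops(SAMPLE).items():
        print(f"{client}: {n} x 401 from {peer} for {url}, never accepted")
```

A hit whose hierarchy field names the peer, as in the log line quoted in the thread, means the rejection came from the server behind Squid rather than from Squid's own access rules.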