[users@httpd] Apache Proxy/Loadbalancer for Microsoft Lync/Sharepoint (authentication issue).

Tue, 14 Jan 2014 05:16:22 -0800 

Hi,
I'm trying to get Apache to work as a proxy/loadbalancer for Microsoft Lync/Sharepoint in order to replace Microsoft's TMG. 


It seems like things are going wrong with the authentication part. For 
some reason Apache is not passing the credentials through correctly.



I do get a login-box. But when I enter my credentials I end up with a 
401 "Unauthorized: ..." error.



I've tried both with and without the "proxy-chain-auth" setting but it 
has no effect.



I've also tried doing authentication on the proxy against the Active 
Directory (both with LDAP and NTLM) but then I first get the Apache 
login promt (which succeeds) and then I get a second login promt which 
fails.



Am I missing something or is this just not possible with Apache on 
Linux? Hopefully someone can help me out here...



Apache is running on a "Redhat Linux 6" machine with it's default apache 
(2.2.15). And the application servers are either Lync or Sharepoint 
servers running Windows 2013.


This is my configuration:
---
<VirtualHost XXX.XXX.XXX.XXX:443>
        LogLevel Debug
        ServerName lyncweb.domain.com
        ServerAlias lyncdiscover.domain.com meet.domain.com dialin.domain.com
        ProxyRequests off
        ProxyReceiveBufferSize 4096
        SSLProxyEngine on

	Header add Set-Cookie "MS-WSMAN=.%{BALANCER_WORKER_ROUTE}e; path=/" 
env=BALANCER_ROUTE_CHANGED


        <Proxy balancer://lync>

                BalancerMember https://XXX.XXX.XXX.XXX:4443 route=node1 
connectiontimeout=300000 timeout=300000
                BalancerMember https://XXX.XXX.XXX.XXX:4443 route=node2 
connectiontimeout=300000 timeout=300000


                ProxySet lbmethod=byrequests
                ProxySet stickysession=MS-WSMAN
                SetEnv force-proxy-request-1.0 1
                SetEnv proxy-nokeepalive 1
                SetEnv proxy-chain-auth On
                RequestHeader unset Expect early
        </Proxy>

        KeepAlive On
        SetEnv proxy-chain-auth On
        ProxyPreserveHost On
        ProxyPass /balancer-manager !
        ProxyPass / balancer://lync/
        ProxyPassReverse / balancer://lync/

        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/lync.crt
        SSLCertificateKeyFile /etc/pki/tls/private/lync.key
</VirtualHost>
---

Thanks,
Marco.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org















    











					Reply via email to