Hi,
I'm trying to get Apache to work as a proxy/loadbalancer for Microsoft
Lync/Sharepoint in order to replace Microsoft's TMG.
It seems like things are going wrong with the authentication part. For
some reason Apache is not passing the credentials through correctly.
I do get a login-box. But when I enter my credentials I end up with a
401 "Unauthorized: ..." error.
I've tried both with and without the "proxy-chain-auth" setting but it
has no effect.
I've also tried doing authentication on the proxy against the Active
Directory (both with LDAP and NTLM) but then I first get the Apache
login promt (which succeeds) and then I get a second login promt which
fails.
Am I missing something or is this just not possible with Apache on
Linux? Hopefully someone can help me out here...
Apache is running on a "Redhat Linux 6" machine with it's default apache
(2.2.15). And the application servers are either Lync or Sharepoint
servers running Windows 2013.
This is my configuration:
---
<VirtualHost XXX.XXX.XXX.XXX:443>
LogLevel Debug
ServerName lyncweb.domain.com
ServerAlias lyncdiscover.domain.com meet.domain.com dialin.domain.com
ProxyRequests off
ProxyReceiveBufferSize 4096
SSLProxyEngine on
Header add Set-Cookie "MS-WSMAN=.%{BALANCER_WORKER_ROUTE}e; path=/"
env=BALANCER_ROUTE_CHANGED
<Proxy balancer://lync>
BalancerMember https://XXX.XXX.XXX.XXX:4443 route=node1
connectiontimeout=300000 timeout=300000
BalancerMember https://XXX.XXX.XXX.XXX:4443 route=node2
connectiontimeout=300000 timeout=300000
ProxySet lbmethod=byrequests
ProxySet stickysession=MS-WSMAN
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
SetEnv proxy-chain-auth On
RequestHeader unset Expect early
</Proxy>
KeepAlive On
SetEnv proxy-chain-auth On
ProxyPreserveHost On
ProxyPass /balancer-manager !
ProxyPass / balancer://lync/
ProxyPassReverse / balancer://lync/
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/lync.crt
SSLCertificateKeyFile /etc/pki/tls/private/lync.key
</VirtualHost>
---
Thanks,
Marco.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org