You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Marco van Putten <ma...@tudelft.nl> on 2014/01/14 14:14:27 UTC

[users@httpd] Apache Proxy/Loadbalancer for Microsoft Lync/Sharepoint (authentication issue).

Hi,

I'm trying to get Apache to work as a proxy/loadbalancer for Microsoft 
Lync/Sharepoint in order to replace Microsoft's TMG.

It seems like things are going wrong with the authentication part. For 
some reason Apache is not passing the credentials through correctly.

I do get a login-box. But when I enter my credentials I end up with a 
401 "Unauthorized: ..." error.

I've tried both with and without the "proxy-chain-auth" setting but it 
has no effect.

I've also tried doing authentication on the proxy against the Active 
Directory (both with LDAP and NTLM) but then I first get the Apache 
login promt (which succeeds) and then I get a second login promt which 
fails.

Am I missing something or is this just not possible with Apache on 
Linux? Hopefully someone can help me out here...

Apache is running on a "Redhat Linux 6" machine with it's default apache 
(2.2.15). And the application servers are either Lync or Sharepoint 
servers running Windows 2013.

This is my configuration:
---
<VirtualHost XXX.XXX.XXX.XXX:443>
	LogLevel Debug
         ServerName lyncweb.domain.com
	ServerAlias lyncdiscover.domain.com meet.domain.com dialin.domain.com
         ProxyRequests off
	ProxyReceiveBufferSize 4096
	SSLProxyEngine on
	Header add Set-Cookie "MS-WSMAN=.%{BALANCER_WORKER_ROUTE}e; path=/" 
env=BALANCER_ROUTE_CHANGED

         <Proxy balancer://lync>
                 BalancerMember https://XXX.XXX.XXX.XXX:4443 route=node1 
connectiontimeout=300000 timeout=300000
                 BalancerMember https://XXX.XXX.XXX.XXX:4443 route=node2 
connectiontimeout=300000 timeout=300000

                 ProxySet lbmethod=byrequests
		ProxySet stickysession=MS-WSMAN
		SetEnv force-proxy-request-1.0 1
		SetEnv proxy-nokeepalive 1
		SetEnv proxy-chain-auth On
		RequestHeader unset Expect early
         </Proxy>

	KeepAlive On
	SetEnv proxy-chain-auth On
	ProxyPreserveHost On
         ProxyPass /balancer-manager !
         ProxyPass / balancer://lync/
         ProxyPassReverse / balancer://lync/

	SSLEngine on
	SSLCertificateFile /etc/pki/tls/certs/lync.crt
	SSLCertificateKeyFile /etc/pki/tls/private/lync.key
</VirtualHost>
---

Thanks,
Marco.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org