httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marco van Putten <>
Subject [users@httpd] Apache Proxy/Loadbalancer for Microsoft Lync/Sharepoint (authentication issue).
Date Tue, 14 Jan 2014 13:14:27 GMT

I'm trying to get Apache to work as a proxy/loadbalancer for Microsoft 
Lync/Sharepoint in order to replace Microsoft's TMG.

It seems like things are going wrong with the authentication part. For 
some reason Apache is not passing the credentials through correctly.

I do get a login-box. But when I enter my credentials I end up with a 
401 "Unauthorized: ..." error.

I've tried both with and without the "proxy-chain-auth" setting but it 
has no effect.

I've also tried doing authentication on the proxy against the Active 
Directory (both with LDAP and NTLM) but then I first get the Apache 
login promt (which succeeds) and then I get a second login promt which 

Am I missing something or is this just not possible with Apache on 
Linux? Hopefully someone can help me out here...

Apache is running on a "Redhat Linux 6" machine with it's default apache 
(2.2.15). And the application servers are either Lync or Sharepoint 
servers running Windows 2013.

This is my configuration:
<VirtualHost XXX.XXX.XXX.XXX:443>
	LogLevel Debug
         ProxyRequests off
	ProxyReceiveBufferSize 4096
	SSLProxyEngine on
	Header add Set-Cookie "MS-WSMAN=.%{BALANCER_WORKER_ROUTE}e; path=/" 

         <Proxy balancer://lync>
                 BalancerMember https://XXX.XXX.XXX.XXX:4443 route=node1 
connectiontimeout=300000 timeout=300000
                 BalancerMember https://XXX.XXX.XXX.XXX:4443 route=node2 
connectiontimeout=300000 timeout=300000

                 ProxySet lbmethod=byrequests
		ProxySet stickysession=MS-WSMAN
		SetEnv force-proxy-request-1.0 1
		SetEnv proxy-nokeepalive 1
		SetEnv proxy-chain-auth On
		RequestHeader unset Expect early

	KeepAlive On
	SetEnv proxy-chain-auth On
	ProxyPreserveHost On
         ProxyPass /balancer-manager !
         ProxyPass / balancer://lync/
         ProxyPassReverse / balancer://lync/

	SSLEngine on
	SSLCertificateFile /etc/pki/tls/certs/lync.crt
	SSLCertificateKeyFile /etc/pki/tls/private/lync.key


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message