I've now installed the 3.2.0.8 with the following switches: Squid Cache: Version 3.2.0.8 configure options: '--prefix=/usr/local/squid3beta' '--datadir=/usr/share/squid3beta' '--sysconfdir=/etc/squid3beta' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-ssl' '--with-logdir=/var/log/squid3beta' '--with-pidfile=/var/run/squid3beta.pid' '--with-default-user=proxy'
Log says: 1317906993.050 17 10.100.9.29 TCP_MISS/401 315 RPC_IN_DATA https://external.address.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/exchangeServer text/html 1317906993.051 9 10.100.9.29 TCP_MISS_ABORTED/000 0 RPC_OUT_DATA https://external.address.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/exchangeServer - 1317907005.165 9 10.100.9.29 TCP_MISS/401 315 RPC_IN_DATA https://external.address.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/exchangeServer text/html 1317907005.166 0 10.100.9.29 TCP_MISS_ABORTED/000 0 RPC_OUT_DATA https://external.address.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/exchangeServer - Nicola On 6Oct, 2011, at 2:22 PM, Amos Jeffries wrote: > On 06/10/11 23:12, Nicola Bucci wrote: >> Thanks for the quick reply, OWA works fine for me... is RPC the problem. >> Anyway, here is my squid.conf: >> >> acl all src all >> acl manager proto cache_object >> acl localhost src 127.0.0.1/32 >> acl to_localhost dst 127.0.0.0/8 >> acl EXCH dstdomain .gmde.it >> acl SSL_ports port 443 # https >> acl SSL_ports port 563 # snews >> acl SSL_ports port 873 # rsync >> acl Safe_ports port 80 # http >> acl Safe_ports port 21 # ftp >> acl Safe_ports port 443 # https >> acl Safe_ports port 70 # gopher >> acl Safe_ports port 210 # wais >> acl Safe_ports port 1025-65535 # unregistered ports >> acl Safe_ports port 280 # http-mgmt >> acl Safe_ports port 488 # gss-http >> acl Safe_ports port 591 # filemaker >> acl Safe_ports port 777 # multiling http >> acl Safe_ports port 631 # cups >> acl Safe_ports port 873 # rsync >> acl Safe_ports port 901 # SWAT >> acl purge method PURGE >> acl CONNECT method CONNECT >> >> >> http_access allow SSL_ports >> >> ssl_unclean_shutdown on >> >> #Allow ICP queries from local networks only >> >> icp_access allow all all >> >> #http_port 3128 >> >> ###LISTEN ON ### >> https_port 443 cert=/etc/squid3/exchange.pem >> key=/etc/squid3/nopassexchange.key defaultsite=external.address.com >> >> ###CACHE PEER### >> #cache_peer 10.0.0.3 parent 443 0 no-query proxy-only connection-auth=on >> originserver front-end-https=on login=PASS ssl sslflags=DONT_VERIFY_PEER >> sslcert=/etc/squid3/exchange.pem sslkey=/etc/squid3/nopassexchange.key >> #cache_peer 10.0.0.3 parent 443 0 no-query originserver login=PASS ssl >> sslcert=/etc/squid/exchange.pem sslkey=/etc/squid/nopassexchange.key >> cache_peer 10.0.0.3 parent 443 0 connection-auth=off ssl >> sslflags=DONT_VERIFY_PEER sslcert=/etc/squid3/exchange.pem >> sslkey=/etc/squid3/nopassexchange.key proxy-only no-query no-digest >> front-end-https=on sourcehash round-robin originserver login=PASS >> name=exchangeServer >> >> >> #We recommend you to use at least the following line. >> hierarchy_stoplist cgi-bin ? >> >> access_log /var/log/squid3/access.log squid >> >> cache_effective_user proxy >> cache_effective_group root >> never_direct allow all all >> miss_access allow EXCH >> miss_access deny all >> cache_peer_access exchangeServer allow EXCH >> cache_peer_access exchangeServer deny all >> never_direct allow EXCH >> >> >> and "squid3 -v": >> >> configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' >> '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' >> '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' >> '--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode' >> '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.' >> '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' >> '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-ssl' >> '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' >> '--enable-removal-policies=lru,heap' '--enable-delay-pools' >> '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' >> '--enable-follow-x-forwarded-for' >> '--enable-auth=basic,digest,ntlm,negotiate' >> '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' >> '--enable-ntlm-auth-helpers=smb_lm,' >> '--enable-digest-auth-helpers=ldap,password' >> '--enable-negotiate-auth-helpers=squid_kerb_ > auth' > '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' > '--enable-arp-acl' '--enable-esi' '--disable-translation' > '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' > '--with-filedescriptors=65536' '--with-large-files' > '--with-default-user=proxy' '--enable-linux-netfilter' > 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' > 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2' --with-squid=/usr/src/squid3-3.1.6 >> >> >> Is there something wrong i'm doing? > > Maybe. The more recent Squid require mode to be configured explicitly > after the port. Or it defaults to forward-proxy. > > https_port 443 accel cert=... > > I think that was done after .6 but its worth doing anyway just to be ready. > >> Or simply squid don't handle RPC over HTTP with exchange? My goal will be to >> use squid instead other commercial products. Obviously :) >> Thanks >> >> On 6Oct, 2011, at 12:06 PM, Jakob Curdes wrote: >> >>> Am 06.10.2011 11:58, schrieb Nicola Bucci: >>>> Hi all, >>>> i'm trying to publish exchange web services on the web trough squid 3.1 on >>>> Debian. From my mac it works fine (mail and outlook for mac, OWA is >>>> working fine too) but from windows machines outlook asks me every time for >>>> the authentication credentials. The reason is because it use on mac a >>>> normal web service (hos/EWS/exchange.asmx), but from windows, outlook uses >>>> RPC over HTTP (in my case HTTPS). Suggestions? >>> http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess ? >>> > > Some other possibilities: > some of the recent MS products (ActiveSync and AD 2010 being the most > noticable) don't handle talking through squid-3.1 very well due to its > being HTTP/1.0 on the client-facing side and HTTP/1.1 on the > server-facing side. They prefer same HTTP version facing both server and > client across the link, so squid-3.2 is needed as the relay for reliable > transactions. > 3.2.0.8 seems to be the most production-usable so far of the 3.2 betas > if you want to try it. > > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.15 > Beta testers wanted for 3.2.0.12
