Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: eric on February 14, 2003, 08:45:59 AM
-
I've been able to get to my Outlook Web Access to function almost 100% correctly in Internet Explorer 6 SP 1 by doing this:
1.) mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf
2.) pico 50extension_methods10SEARCH
add the line: extension_methods SEARCH
3.) /sbin/e-smith/expand-template /etc/squid/squid.conf
4.) service squid restart
I pulled some of this info from:
http://lists.netfilter.org/pipermail/netfilter/2002-November/040285.html
My problem is, although everything works fine, it constantly asks me for my password. I enter the password once, twice, sometimes even three times... Everything is still useable, I just get asked for my password a lot.
Any info you guys you gimmie would be great. Oh yeah, i RTFM...
-
Hi Eric
Having just gone through all of this, the answer depends on if you have access to the exchange server guru.
I do, since I am it.
Answer: Do not run exchange OWA as an http connection. Prepare a self-issued certificate for SSL on the exchange server and connection only as https.
What is happening is that squid does not understand the webdav extensions that MS use for OWA. I seem to recall reading that although squid does recognise the webdav standards, MS have some 'special' extensions ;-) that fall over.
They fall over because the ip packet for the webdav is treated as a spoofed packet within the squid or ipchains config.
By using https, you are effectively encapsulating the the webdav inside an ssl packet and masking the problematic webdav header information.
I rejigged the exchange server for SSL using an MS instruction set and both SME configs that I have at remote locations access the exchange perfectly. Repeated password issue has gone away. I am assuming that it all works correctly although its only been 2 days since I completed this excercise.
Incidentally, I would not be running OWA via http for preference in any case, as it generally means that the users password is going out as clear text which is not helpful. But it was happening on the server that I manage due to some other issues that were fixed in the previous week... one step at a time !
Hope this helps.
cheers
Tony
-
Could you point me to the info where you "jigged" the exchange server.
Thanks a bunch,
Eric
-
Hi Eric
I used a couple of references for info
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q248107
http://support.microsoft.com/default.aspx?scid=kb;en-us;324069
http://support.microsoft.com/default.aspx?scid=kb;en-us;307347
http://www.hostingcontroller.com/english/support/kb/PrinterFriendlyPage.asp?articleID=48
The basics are:
Configure a w2k server in your AD/Domain as a Cert Authority for your org.
From the Ex2K server request a cert from your CA
Authorise it on the CA server
Install the cert to the Ex2K server
Set the IIS website to use the https - prefer required rather than optional
One thing that slowed me down was the host header info for the web site, I initially tried adding the host header name with port 443 into the port 80 area - ie non-secured - of the form, when I should have added them into the bottom section of the same dialog which is for secured options. It took me 30 minutes of double-checking before I realised the error.
cheers
Tony