OPNsense Caddy Plugin - Didn't forward NTLM #4160
Comments
Please show me what the Caddyfile looks like. I want to see if the http_ntlm option is there or not. Which os-caddy was your prior version and which version are you on now? EDIT: As a baseline, the last time I tested it with Exchange 2019 and Outlook was when I evaluated NTLM again here: #4072. That was after the Caddy binary had been updated to 2.8.4. So I tested it in os-caddy-1.5.7. There hasn't been any difference with the build or with the template in that regard. So essentially there should not be a difference right now. |
Sooo...
I use OPNsense in 27.7_9 and os-caddy in 1.6.1. |
I have just set up "Windows Authentication" in an IIS, set it to NTLM, and protected the default IIS website with it. Then I tested the authentication with NTLM and without NTLM in Caddy. Without NTLM activated, the login mask appeared after each try. With NTLM activated, I got authenticated. So it should work essentially. That means there is a configuration error here. Can you open the Caddyfile /usr/local/etc/caddy/Caddyfile and turn this:
Into this:
After editing and saving the Caddyfile, issue a:
That will reload Caddy without regenerating the template. Afterwards test it again please. |
I edited the Caddyfile to your schema. I got the same error... |
Hm, OPNsense edits the Caddyfile after a reboot back to the old version with TLS activated. The config change is not being saved... |
Can you configure the server correctly for TLS? Import the self-signed Exchange certificate and select it as the TLS trust pool.
Check out the docs: https://docs.opnsense.org/manual/how-tos/caddy.html#reverse-proxy-the-opnsense-webgui I hope that works; if not, I don't have an Exchange server I can test it with anymore. I only confirmed it working with IIS itself. |
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
I have pulled OPNsense, including the Caddy reverse proxy, to the current version. Unfortunately, NTLM is not forwarded, which I need for the Outlook desktop clients that access my Exchange server.
Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I want to connect my Outlook clients.
Screenshots
If applicable, add screenshots to help explain your problem.