Am 27.03.2017 um 10:01 schrieb Craig Fisher ([email protected]): > Hi folks, > > We're trying to setup a multi-domain Sogo and have run into an issue with > ActiveSync - the http/https requests > http://hostname.dom/Microsoft-Server-ActiveSync immediately fail with a 403 > forbidden error without even attempting/requesting a login. > > The Sogo login and autodiscover login both work fine. > > I just can't seem to see where the issue is - looks like an apache error as > it's not even getting to the Sogo/Openchange debug logs. > > Can anyone see any glaring errors in the SOGo.conf below? Are there any other > config files that could be the issue? > > Thanks in advance, > > -Craig > ---------------------- > Alias /SOGo.woa/WebServerResources/ \ > /usr/lib/GNUstep/SOGo/WebServerResources/ > Alias /SOGo/WebServerResources/ \ > /usr/lib/GNUstep/SOGo/WebServerResources/ > > Redirect /Autodiscover/Autodiscover.xml /autodiscover/autodiscover.xml > Redirect /AutoDiscover/AutoDiscover.xml /autodiscover/autodiscover.xml > > > <Directory /usr/lib/GNUstep/SOGo/> > AllowOverride None > > <IfVersion < 2.4> > Order deny,allow > Allow from all > </IfVersion> > <IfVersion >= 2.4> > Require all granted > </IfVersion> > > # Explicitly allow caching of static content to avoid browser specific > behavior. > # A resource's URL MUST change in order to have the client load the new > version. > <IfModule expires_module> > ExpiresActive On > ExpiresDefault "access plus 1 year" > </IfModule> > </Directory> > > ## Uncomment the following to enable proxy-side authentication, you will then > ## need to set the "SOGoTrustProxyAuthentication" SOGo user default to YES and > ## adjust the "x-webobjects-remote-user" proxy header in the "Proxy" section > ## below. > # > ## For full proxy-side authentication: > #<Location /SOGo> > # AuthType XXX > # Require valid-user > # SetEnv proxy-nokeepalive 1 > # Allow from all > #</Location> > # > ## For proxy-side authentication only for CardDAV and GroupDAV from external > ## clients: > #<Location /SOGo/dav> > # AuthType XXX > # Require valid-user > # SetEnv proxy-nokeepalive 1 > # Allow from all > #</Location> > > ProxyRequests Off > SetEnv proxy-nokeepalive 1 > ProxyPreserveHost On > > # When using CAS, you should uncomment this and install cas-proxy-validate.py > # in /usr/lib/cgi-bin to reduce server overloading > # > # ProxyPass /SOGo/casProxy http://localhost/cgi-bin/cas-proxy-validate.py > # <Proxy http://localhost/app/cas-proxy-validate.py> > # Order deny,allow > # Allow from your-cas-host-addr > # </Proxy> > > # Enable to use Microsoft ActiveSync support > # Note that you MUST have many sogod workers to use ActiveSync. > # See the SOGo Installation and Configuration guide for more details. > # > ProxyPass /Microsoft-Server-ActiveSync \ > http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \ > retry=60 connectiontimeout=5 timeout=360 > > ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0 > > <Proxy http://127.0.0.1:20000/SOGo> > ## adjust the following to your configuration > RequestHeader set "x-webobjects-server-port" "443" > RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST > RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e"; > env=HTTP_HOST > # RequestHeader set "x-webobjects-server-port" "80" > # RequestHeader set "x-webobjects-server-name" > "exchange-xxx-x.smtp-engine.com" > # RequestHeader set "x-webobjects-server-url" > "http://exchange-xxx-x.smtp-engine.com"; > > ## When using proxy-side autentication, you need to uncomment and > ## adjust the following line: > # RequestHeader unset "x-webobjects-remote-user" > # RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e" > env=REMOTE_USER > > RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0" > > # RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e > env=REMOTE_HOST > AddDefaultCharset UTF-8 > > <IfVersion < 2.4> > Order deny,allow > Allow from all > </IfVersion> > <IfVersion >= 2.4> > Require all granted > </IfVersion> > > </Proxy> > > # For Apple autoconfiguration > <IfModule rewrite_module> > RewriteEngine On > RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301] > RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301] > </IfModule> > > --------------------------- > > Apache config looks ok. I would enable "x-webobjects-remote-host" in order to get the clients IPs inthe sogo.log, but that is up to you.
Did you install package sogo-activesync? Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung Basisdienste 78457 Konstanz +49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
