4. Method #2 - NTLM Authorization Proxy Server
NTLM Authorization Proxy Server is proxy server-like software that just provides NTLM authentication in between your browser and ISA Server, and makes the server believe it's talking to Internet Explorer. It does this by adding NTLM authorization strings to the request headers. It is written in the Python language by Dmitry Rozmanov [nice work dude!]. See www.python.org. Most linux distributions come bundled with a Python interpreter.
4.1 Getting NTLMAPS
The NTLMAPS project home page is located at http://ntlmaps.sourceforge.net/. You can directly go to the download page at http://sourceforge.net/project/showfiles.php?group_id=69259. The recent version at the time of writing this document is 0.9.8.
4.2 Installing NTLMAPS
Once you have downloaded NTLMAPS, you can extract it into the directory of your choice:
tar xzvf apsxxx.tar.gz cd apsxxx where 'xxx' is the version number.
4.3 Quick Configuration
Load up server.cfg in your favorite editor. Locate the lines:
LISTEN_PORT:5865 # If you want APS to authenticate you at WWW servers using NTLM then just leave this # value blank like PARENT_PROXY: and APS will connect to web servers directly. # And NOTE that NTLM cannot pass through another proxy server. PARENT_PROXY:your_parentproxy PARENT_PROXY_PORT:8080
By default, NTLMAPS listens on port 5865. You can change it to any port number of your choice. You need to replace 'your_parentproxy' with the IP address of your ISA Server. Put ISA Server's web cache port in PARENT_PROXY_PORT.
Now, locate the lines:
# Windows Domain. # NOTE: it is not full qualified internet domain, but windows network domain. NT_DOMAIN:your_domain # What user's name to use during authorization. It may differ form real current username. USER:username_to_use # Password. Just leave it blank here and server will request it at the start time. PASSWORD:your_nt_password
You will need to put in your domain name in place of your_domain, user name in place of 'username_to_use' and password in place of 'your_nt_password'. Save the file after editing.
4.4 Running NTLMAPS
Now simply run the file main.py, for example:
./main.py
Now the NTLMAPS server is listening.
4.5 Client Side Configuration
In particular, we will use Netscape as an example here.
- Start Netscape Communicator.
- Click on Edit menu and click Preferences.
- Expand 'Advanced' node and click on 'Proxies'; you will see some options on the left.
- Click on Manual proxy configuration, then click on the View button.
- Put your local host's IP address (127.0.0.1) in the HTTP: box and port where NTLMAPS is listening (5865).
- Click on OK to confirm your changes.
- You will return back to Preferences dialog.
- Click on OK to apply your changes.
Load up a test url in your browser and you will see the web page loads successfully. If you use a different browser then you will need to explore and see how you set it up to work with proxy.
Next Previous Contents