APM VIP with exchange servers and NTLM authentication

Question

I used the exchange 2016 iApp ( latest version) to setup one VIP with all services behind it.

The problem is that /mapi* should be with NTLM authentication, but rest of it like /owa is using basic authentication.

Right now the policy is setup with logon page -> LDAP Authentication -> SSO credential mapping - Allow

Pretty standard. The question is, could I insert upfront logon page NTLM check based on URI ?

Something like this :

and iRule , if needed :

when HTTP_REQUEST {

if { [HTTP::uri] starts_with "/mapi" } {

ECA::enable

ECA::select select_ntlm:/Common/ntlm-auth-exchange-2016

} else {

ECA::disable

}

youssef1 · Answer

Hello Kaloyan,&nbsp;Did you use an Exchange profile?Because you can easly set frontend Authentification and SSO by URL/Service:&nbsp;&nbsp;&nbsp;Regards&nbsp;&nbsp;

kaloyan · Answer

Hi youssef,yes, I have exchange profile.Can I borrow one of the predefined Service Settings and add /mapi* instead of /ews* for example ? And probably will need to add SSO Configuration with Kerberos for NTLM ? Should I change the policy as well with some NTLM checks ?Do I need this ECA enabled on the VIP ? So many questions :)

Forum Discussion

APM VIP with exchange servers and NTLM authentication

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

Simple HTTP Authentication server

RADIUS server authenticating user with Google Authenticator

Microsoft Exchange Server

SSL Profiles Part 9: Server Authentication

Exchange 2016

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS