Forum Discussion
clazba
Feb 02, 2012 Nimbostratus
EAV Monitor fails with NTLMv2
Hi Guys,
I am looking at an EAV monitor that uses curl with ntlm authentication to probe an IIS6 server, worked fine for ages but now that the AD group sec policy has enforced ntlmv...
hooleylist
Feb 03, 2012 Cirrostratus
Hey Claud,
A little birdie told me that native HTTP/S monitors in v11.1 already support NTLM and NTLMv2:
http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-1-0.html#rn_new
NTLM Authentication Support for HTTP/HTTPS Monitors
For an HTTP/HTTPS monitor to successfully use NTLM authentication, a monitor must meet the following configuration requirements:
* The monitor must have a send string. Because it is necessary to use HTTP version 1.1, the send string must be, at minimum: "GET / HTTP/1.1\r\nHost: "
* The monitor must have a receive string.
* The monitor cannot be a reverse monitor.
* The monitor must have a username. The user name may be either a simple username or it can be the domain/username. Both '\' and '/' are recognized.
* The monitor must have a password.
Once this monitor is associated with a pool or pool member, it only enacts NTLM if the request with Basic Auth gets a 401 response with a WWW-Authenticate header set to NTLM. At this point the NTLM handshake should commence. Here is an example monitor:

    ltm monitor http /Common/http_testauth {
        defaults-from /Common/http
        destination *:*
        interval 5
        password default
        recv Microsoft-IIS/7
        send "GET / HTTP/1.1\\r\\nHost: portal.authtest.tc.requestsite.com"
        time-until-up 0
        timeout 16
        username AUTHTEST/administrator
    }
Aaron
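A pre-deployment check for the requirements quoted in the reply above, as an added example that is not part of either post and is not F5 code. It assumes `tmsh list` style output with one property per line, that an unset property is absent or shown as `none`, and that `reverse enabled` marks a reverse monitor; the function names are hypothetical.

```python
import re

# Constructed sample: the monitor stanza from the post, one property per line.
SAMPLE = r'''ltm monitor http /Common/http_testauth {
    defaults-from /Common/http
    destination *:*
    interval 5
    password default
    recv Microsoft-IIS/7
    send "GET / HTTP/1.1\\r\\nHost: portal.authtest.tc.requestsite.com"
    time-until-up 0
    timeout 16
    username AUTHTEST/administrator
}'''
CRLF = r"(?:\\+r\\+n|\r\n)"  # escaped as tmsh prints it, or a real CRLF

def parse_monitor(stanza):
    """Return {property: value} for a flat tmsh monitor stanza."""
    props = {}
    for line in stanza.splitlines()[1:]:
        key, _, value = line.strip().partition(" ")
        if key and key != "}":
            props[key] = value.strip().strip('"')
    return props

def unset(props, key):
    # Assumption: an unset property is either absent or listed as "none".
    return props.get(key, "none") in ("", "none")

def ntlm_problems(props):
    """List which of the quoted NTLM requirements the monitor fails."""
    problems = [f"no {label}" for key, label in (("send", "send string"),
        ("recv", "receive string"), ("username", "username"),
        ("password", "password")) if unset(props, key)]
    send = props.get("send", "")
    if not unset(props, "send"):
        if not re.match(r"\S+ \S+ HTTP/1\.1" + CRLF, send):
            problems.append("send string is not an HTTP/1.1 request line")
        if not re.search(CRLF + r"Host:", send, re.I):
            problems.append("send string has no Host header")
    if props.get("reverse") == "enabled":
        problems.append("reverse monitor")
    return problems

def ntlm_triggered(status, headers):
    """True when the reply is the 401 + WWW-Authenticate: NTLM that starts the handshake."""
    offers = [v.split()[0].upper() for k, v in headers if k.lower() == "www-authenticate" and v.strip()]
    return status == 401 and "NTLM" in offers
```

`ntlm_triggered` takes headers as a list of `(name, value)` pairs because IIS commonly sends several `WWW-Authenticate` headers in one 401 response.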