Forum Discussion
LTM 11.1.0+ HTTP monitor with native NTLM auth
After struggling for a few hours with HTTP monitors using the native NTLM solution (after the initial BASIC auth request fails), I'm not convinced that it's correctly forming the NTLM request.
The web server constantly returns 401.2 responses and the following is logged in to the server's Security event log:
Account For Which Logon Failed:
Failure Information:
It seems that 0xc000006a means "User logon with Misspelled or bad Password". I know for a fact that the password specified in the monitor is correct, and when capturing the BASIC auth request it shows as such; something is going wrong during the NTLM auth request.
Since the request is hashed I've got no way of figuring out whether the username and password are correct so I was wondering if anyone else has successfully used the native NTLM auth functionality of the HTTP monitor since it was implemented in 11.1.0.
Thanks
- hoolio
Cirrostratus
Hi David, - nitass
Employee
would you mind posting the http monitor configuration? - David_Stretch_2
Nimbostratus
Here's the monitor, I'll dump the HTTP response in a bit ... - nitass
Employee
this is mine.root@v1110(Active)(/Common)(tmos) show sys version Sys::Version Main Package Product BIG-IP Version 11.1.0 Build 1943.0 Edition Final Date Sun Nov 20 18:27:50 PST 2011 root@v1110(Active)(/Common)(tmos) list ltm monitor http myntlm ltm monitor http myntlm { defaults-from http destination *:* interval 5 password secret recv "200 OK" send "GET /index.html HTTP/1.1\\r\\nHost: 172.28.19.78" time-until-up 0 timeout 16 username tasmania@abc.com } =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.10.02 20:43:47 =~=~=~=~=~=~=~=~=~=~=~= [root@v1110:Active] config [root@v1110:Active] config ssldump -Aed -nni 0.0 port 80 New TCP connection 1: 172.28.20.11(41539) <-> 172.28.19.78(80) 1349181834.6342 (0.0024) C>S --------------------------------------------------------------- GET /index.html HTTP/1.1 Host: 172.28.19.78 Authorization: Basic dGFzbWFuaWFAYWJjLmNvbTpzZWNyZXQ= --------------------------------------------------------------- 1349181834.6351 (0.0009) S>C --------------------------------------------------------------- HTTP/1.1 401 Unauthorized Content-Length: 1656 Content-Type: text/html Server: Microsoft-IIS/6.0 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Date: Tue, 02 Oct 2012 12:40:33 GMT ...snipped... --------------------------------------------------------------- 1349181834.6360 (0.0009) C>S --------------------------------------------------------------- GET /index.html HTTP/1.1 Host: 172.28.19.78 Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA= --------------------------------------------------------------- 1349181834.6370 (0.0009) S>C --------------------------------------------------------------- HTTP/1.1 401 Unauthorized Content-Length: 1539 Content-Type: text/html Server: Microsoft-IIS/6.0 WWW-Authenticate: NTLM TlRMTVNTUAACAAAABgAGADgAAAAFgokCqL4wD9Ebc7wAAAAAAAAAAGIAYgA+AAAABQLODgAAAA9BAEIAQwACAAYAQQBCAEMAAQAMAFMAQQBMAE0ATwBOAAQADgBhAGIAYwAuAGMAbwBtAAMAHABzAGEAbABtAG8AbgAuAGEAYgBjAC4AYwBvAG0ABQAOAGEAYgBjAC4AYwBvAG0AAAAAAA== Date: Tue, 02 Oct 2012 12:40:33 GMT ...snipped... --------------------------------------------------------------- 1349181834.6382 (0.0011) C>S --------------------------------------------------------------- GET /index.html HTTP/1.1 Host: 172.28.19.78 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGgAAACSAJIAgAAAAAAAAABAAAAAIAAgAEAAAAAIAAgAYAAAAAAAAAASAQAABYKIonQAYQBzAG0AYQBuAGkAYQBAAGEAYgBjAC4AYwBvAG0AYgBpAGcAZAAzDBf+CcqPFXMNzakQDxm1eyzebeEbgH6jUUWxR+l6hbBzQbvr5UqfAQEAAAAAAAAAIcaUm6DNAXss3m3hG4B+AAAAAAIABgBBAEIAQwABAAwAUwBBAEwATQBPAE4ABAAOAGEAYgBjAC4AYwBvAG0AAwAcAHMAYQBsAG0AbwBuAC4AYQBiAGMALgBjAG8AbQAFAA4AYQBiAGMALgBjAG8AbQAAAAAAAAAAAA== --------------------------------------------------------------- 1349181834.6400 (0.0018) S>C --------------------------------------------------------------- HTTP/1.1 200 OK Content-Length: 12 Content-Type: text/html Last-Modified: Tue, 02 Oct 2012 11:29:51 GMT Accept-Ranges: bytes ETag: "c81b63d91a0cd1:251" Server: Microsoft-IIS/6.0 Date: Tue, 02 Oct 2012 12:40:33 GMT hello world!--------------------------------------------------------------- 1 1349181834.6413 (0.0012) C>S TCP FIN 1 1349181834.6420 (0.0007) S>C TCP FIN
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com