Forum Discussion
David_Stretch_2
Nimbostratus
NimbostratusLTM 11.1.0+ HTTP monitor with native NTLM auth
After struggling for a few hours with HTTP monitors using the native NTLM solution (after the initial BASIC auth request fails), I'm not convinced that it's correctly forming the NTLM request.
T...
nitass
Employee
Employeethis is mine.
root@v1110(Active)(/Common)(tmos) show sys version
Sys::Version
Main Package
Product BIG-IP
Version 11.1.0
Build 1943.0
Edition Final
Date Sun Nov 20 18:27:50 PST 2011
root@v1110(Active)(/Common)(tmos) list ltm monitor http myntlm
ltm monitor http myntlm {
defaults-from http
destination *:*
interval 5
password secret
recv "200 OK"
send "GET /index.html HTTP/1.1\\r\\nHost: 172.28.19.78"
time-until-up 0
timeout 16
username tasmania@abc.com
}
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.10.02 20:43:47 =~=~=~=~=~=~=~=~=~=~=~=
[root@v1110:Active] config
[root@v1110:Active] config ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.20.11(41539) <-> 172.28.19.78(80)
1349181834.6342 (0.0024) C>S
---------------------------------------------------------------
GET /index.html HTTP/1.1
Host: 172.28.19.78
Authorization: Basic dGFzbWFuaWFAYWJjLmNvbTpzZWNyZXQ=
---------------------------------------------------------------
1349181834.6351 (0.0009) S>C
---------------------------------------------------------------
HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Date: Tue, 02 Oct 2012 12:40:33 GMT
...snipped...
---------------------------------------------------------------
1349181834.6360 (0.0009) C>S
---------------------------------------------------------------
GET /index.html HTTP/1.1
Host: 172.28.19.78
Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
---------------------------------------------------------------
1349181834.6370 (0.0009) S>C
---------------------------------------------------------------
HTTP/1.1 401 Unauthorized
Content-Length: 1539
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: NTLM TlRMTVNTUAACAAAABgAGADgAAAAFgokCqL4wD9Ebc7wAAAAAAAAAAGIAYgA+AAAABQLODgAAAA9BAEIAQwACAAYAQQBCAEMAAQAMAFMAQQBMAE0ATwBOAAQADgBhAGIAYwAuAGMAbwBtAAMAHABzAGEAbABtAG8AbgAuAGEAYgBjAC4AYwBvAG0ABQAOAGEAYgBjAC4AYwBvAG0AAAAAAA==
Date: Tue, 02 Oct 2012 12:40:33 GMT
...snipped...
---------------------------------------------------------------
1349181834.6382 (0.0011) C>S
---------------------------------------------------------------
GET /index.html HTTP/1.1
Host: 172.28.19.78
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGgAAACSAJIAgAAAAAAAAABAAAAAIAAgAEAAAAAIAAgAYAAAAAAAAAASAQAABYKIonQAYQBzAG0AYQBuAGkAYQBAAGEAYgBjAC4AYwBvAG0AYgBpAGcAZAAzDBf+CcqPFXMNzakQDxm1eyzebeEbgH6jUUWxR+l6hbBzQbvr5UqfAQEAAAAAAAAAIcaUm6DNAXss3m3hG4B+AAAAAAIABgBBAEIAQwABAAwAUwBBAEwATQBPAE4ABAAOAGEAYgBjAC4AYwBvAG0AAwAcAHMAYQBsAG0AbwBuAC4AYQBiAGMALgBjAG8AbQAFAA4AYQBiAGMALgBjAG8AbQAAAAAAAAAAAA==
---------------------------------------------------------------
1349181834.6400 (0.0018) S>C
---------------------------------------------------------------
HTTP/1.1 200 OK
Content-Length: 12
Content-Type: text/html
Last-Modified: Tue, 02 Oct 2012 11:29:51 GMT
Accept-Ranges: bytes
ETag: "c81b63d91a0cd1:251"
Server: Microsoft-IIS/6.0
Date: Tue, 02 Oct 2012 12:40:33 GMT
hello world!---------------------------------------------------------------
1 1349181834.6413 (0.0012) C>S TCP FIN
1 1349181834.6420 (0.0007) S>C TCP FIN
