Forum Discussion
NTLM authentication for http monitor for sharepoint 2013 webserver
F5 LTM version 10.2.4
I have to set up an http monitor to support NTLM authentication for monitoring the SharePoint 2013 webserver.
Could you please help on how to set up an http monitor with NTLM authentication?
Thanks
5 Replies
- mikeshimkus_111Historic F5 Account
Hi, the built-in http/https monitors support NTLM authentication as of BIG-IP v11.1.0: https://support.f5.com/kb/en-us/solutions/public/2000/100/sol2167.html
You may be able to use an external monitor for this. If you log into the command line of your BIG-IP, and run the command 'curl -V', can you tell me the version of curl you are running?
thanks
- AjayPra_161698
Nimbostratus
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8y zlib/1.2.3 libidn/0.6.5 Protocols: tftp ftp telnet dict ldap ldaps http file https ftps Features: IDN IPv6 Largefile NTLM SSL libz
- mikeshimkus_111Historic F5 Account
You'll need to construct an external monitor: https://devcentral.f5.com/articles/ltm-external-monitors-the-basics
Here's an example of an external monitor for Exchange Autodiscover that uses NTLM:
```
#!/bin/sh
# These arguments supplied automatically for all external monitors:
# $1 = IP (nnn.nnn.nnn.nnn notation)
# $2 = port (decimal, host byte order)

# This script expects the following Name/Value pairs:
# USER = the username associated with a mailbox
# PASSWORD = the password for the user account
# DOMAIN = the Windows domain in which the account lives
# EMAIL = the email address associated with the user mailbox

# Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
NODE=`echo ${1} | sed 's/::ffff://'`
if [[ $NODE =~ ^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then
    # node is v4
    NODE=${NODE}
else
    # node is v6
    NODE=[${NODE}]
fi
PORT=${2}
DIR="http://schemas.microsoft.com/exchange/autodiscover/outlook"
PIDFILE="/var/run/`basename ${0}`.my_new_iapp_test_2010_${USER}_${NODE}_ad.pid"
# The request XML that wraps ${EMAIL} did not survive on this page;
# only the response schema URL remains in the here-documents below.
XML1=$(
cat<<EOF
EOF
)
XML2=$(
cat<<EOF
${DIR}/responseschema/2006a
EOF
)
XMLFULL=${XML1}${EMAIL}${XML2}
RECV=''
ADSURI='/Autodiscover/Autodiscover.xml'

# kill of the last instance of this monitor if hung and log current pid
if [ -f $PIDFILE ]
then
    echo "EAV exceeded runtime needed to kill ${NODE}:${PORT}" | logger -p local0.error
    kill -9 `cat $PIDFILE` > /dev/null 2>&1
fi
echo "$$" > $PIDFILE
curl-apd -g -s --ntlm -k -X POST -H 'Content-Type: text/xml; charset=utf-8' -d "${XMLFULL}" -u ${DOMAIN}\\${USER}:${PASSWORD} http://${NODE}${ADSURI} | grep -i "${RECV}" > /dev/null 2>&1
STATUS=$?
rm -f $PIDFILE
if [ $STATUS -eq 0 ]
then
    echo "UP"
fi
exit
```
- AjayPra_161698
Nimbostratus
Hi mikeshimkus,
Thanks for the information. Any idea how it is done in BIG-IP v11.1.4?
Regards
- mikeshimkus_111Historic F5 Account
Sure, the link I posted above should cover the basics, plus there are dozens of examples elsewhere on DevCentral.
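A SharePoint variant of the external monitor posted above, as an added example that is not part of the thread and not F5's own code: it hands the NTLM credentials to curl through `-K -` on stdin instead of `-u` on the command line, so they do not appear in the process list. `URI` and `TIMEOUT` are assumed monitor variable names, and an HTTP 200 after NTLM authentication is assumed to mean the server is healthy.

```shell
#!/bin/sh
# Added example: external monitor for a SharePoint page behind NTLM.
# LTM supplies $1 = node IP and $2 = port. USER, PASSWORD and DOMAIN are
# monitor variables as in the Exchange script above; URI and TIMEOUT are
# assumed names introduced for this example.

# Strip the IPv4-mapped prefix LTM adds; bracket real IPv6 literals for curl.
normalize_node() {
    node=$(printf '%s' "$1" | sed 's/^::ffff://')
    case "$node" in
        *:*) printf '[%s]' "$node" ;;
        *)   printf '%s' "$node" ;;
    esac
}

# Escape backslashes and double quotes for curl's quoted config-file syntax.
esc() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Emit a curl config that is read from stdin (-K -), so the password never
# shows up in "ps" output the way "-u DOMAIN\user:pass" does.
curl_config() {
    printf 'user = "%s\\\\%s:%s"\n' \
        "$(esc "$DOMAIN")" "$(esc "$USER")" "$(esc "$PASSWORD")"
    printf 'url = "http://%s:%s%s"\n' "$(normalize_node "$1")" "$2" "${URI:-/}"
}

monitor() {
    # --max-time bounds the probe so a hung server cannot stall the monitor;
    # a failed NTLM handshake ends in 401, so only 200 counts as healthy.
    code=$(curl_config "$1" "$2" |
        curl -g -s --ntlm --max-time "${TIMEOUT:-10}" \
             -o /dev/null -w '%{http_code}' -K -)
    [ "$code" = "200" ] && echo "UP"
}

# LTM marks the pool member up only if the script prints to stdout.
if [ "$#" -ge 2 ]; then
    monitor "$1" "$2"
fi
```
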