Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

APM VIP with exchange servers and NTLM authentication

Kaloyan
Cirrus
Cirrus

‎12-Jun-2020 01:08

I used the exchange 2016 iApp ( latest version) to setup one VIP with all services behind it.

The problem is that /mapi* should be with NTLM authentication, but rest of it like /owa is using basic authentication.

Right now the policy is setup with logon page -> LDAP Authentication -> SSO credential mapping - Allow

Pretty standard. The question is, could I insert upfront logon page NTLM check based on URI ?

Something like this :

 

 

0691T000008tcznQAA.png

and iRule , if needed :

when HTTP_REQUEST { 

  if { [HTTP::uri] starts_with "/mapi" } { 

    ECA::enable 

    ECA::select select_ntlm:/Common/ntlm-auth-exchange-2016 

  } else { 

    ECA::disable 

  } 

}

Labels:
0 Kudos
2 REPLIES 2

youssef1
Cumulonimbus
Cumulonimbus

‎12-Jun-2020 06:48

Hello Kaloyan,

 

Did you use an Exchange profile?

Because you can easly set frontend Authentification and SSO by URL/Service:

 

 

0691T000008tdGoQAI.png

 

Regards

 

 

0 Kudos

Kaloyan
Cirrus
Cirrus
In response to youssef1

‎12-Jun-2020 07:11

Hi youssef,

yes, I have exchange profile.

Can I borrow one of the predefined Service Settings and add /mapi* instead of /ews* for example ?

And probably will need to add SSO Configuration with Kerberos for NTLM ?

Should I change the policy as well with some NTLM checks ?

Do I need this ECA enabled on the VIP ?

So many questions 🙂

0691T000008tdJ9QAI.png

0 Kudos
Copyright © 2023 Khoros, LLC