NTLM authentication for http monitor for sharepoint 2013 webserver
F5 LTM version 10.2.4
I have to set up an http monitor to support NTLM authentication for monitoring the SharePoint 2013 webserver.
Could you please help on how to set up an http monitor with NTLM authentication?
Thanks
5 Replies
- mikeshimkus_111Historic F5 Account
Hi, the built-in http/https monitors support NTLM authentication as of BIG-IP v11.1.0: https://support.f5.com/kb/en-us/solutions/public/2000/100/sol2167.html
You may be able to use an external monitor for this. If you log into the command line of your BIG-IP, and run the command 'curl -V', can you tell me the version of curl you are running?
thanks
- AjayPra_161698
Nimbostratus
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8y zlib/1.2.3 libidn/0.6.5
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps
Features: IDN IPv6 Largefile NTLM SSL libz
- mikeshimkus_111Historic F5 Account
You'll need to construct an external monitor: https://devcentral.f5.com/articles/ltm-external-monitors-the-basics
Here's an example of an external monitor for Exchange Autodiscover that uses NTLM:
#!/bin/sh
# These arguments supplied automatically for all external monitors:
# $1 = IP (nnn.nnn.nnn.nnn notation)
# $2 = port (decimal, host byte order)
#
# This script expects the following Name/Value pairs:
# USER = the username associated with a mailbox
# PASSWORD = the password for the user account
# DOMAIN = the Windows domain in which the account lives
# EMAIL = the email address associated with the user mailbox

# Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
NODE=`echo ${1} | sed 's/::ffff://'`
if [[ $NODE =~ ^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then
    # node is v4
    NODE=${NODE}
else
    # node is v6
    NODE=[${NODE}]
fi
PORT=${2}
DIR="http://schemas.microsoft.com/exchange/autodiscover/outlook"
PIDFILE="/var/run/`basename ${0}`.my_new_iapp_test_2010_${USER}_${NODE}_ad.pid"

# Autodiscover request body, split around the mailbox address.
# Assumption: the XML element markup below follows the documented
# Autodiscover request schema; only ${DIR}/responseschema/2006a is given.
XML1=$( cat<<EOF
<Autodiscover xmlns="${DIR}/requestschema/2006">
<Request>
<EMailAddress>
EOF
)
XML2=$( cat<<EOF
</EMailAddress>
<AcceptableResponseSchema>${DIR}/responseschema/2006a</AcceptableResponseSchema>
</Request>
</Autodiscover>
EOF
)
XMLFULL=${XML1}${EMAIL}${XML2}
# String to look for in the response body
RECV=''
ADSURI='/Autodiscover/Autodiscover.xml'

# Kill off the last instance of this monitor if hung and log current pid
if [ -f $PIDFILE ]
then
    echo "EAV exceeded runtime needed to kill ${NODE}:${PORT}" | logger -p local0.error
    kill -9 `cat $PIDFILE` > /dev/null 2>&1
fi
echo "$$" > $PIDFILE

# POST the request with NTLM credentials and search the response for RECV
curl-apd -g -s --ntlm -k -X POST -H 'Content-Type: text/xml; charset=utf-8' -d "${XMLFULL}" -u ${DOMAIN}\\${USER}:${PASSWORD} http://${NODE}${ADSURI} | grep -i "${RECV}" > /dev/null 2>&1
STATUS=$?
rm -f $PIDFILE

# Any output on stdout marks the pool member up
if [ $STATUS -eq 0 ]
then
    echo "UP"
fi
exit
- AjayPra_161698
Nimbostratus
Hi mikeshimkus, Thanks for the information. Any idea how it is done in BIG-IP v11.1.4? Regards
- mikeshimkus_111Historic F5 Account
Sure, the link I posted above should cover the basics, plus there are dozens of examples elsewhere on DevCentral.
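An external monitor adapted to the SharePoint case asked about in this thread, as an added example that is not part of any post here and is not F5's own code. It passes the NTLM credentials to curl as a config stream on stdin (`-K -`) so the password is not placed on curl's command line, and it checks the HTTP status code instead of grepping the body. USER, PASSWORD and DOMAIN are monitor variables as in the Exchange script; URI and EXPECT are hypothetical variables introduced for this example.

```shell
#!/bin/sh
# Added example, not F5 code. USER, PASSWORD and DOMAIN are monitor variables
# as in the Exchange script; URI and EXPECT are hypothetical ones added here.

# Strip the IPv4-mapped prefix LTM passes in; bracket IPv6 literals for curl.
normalize_node() {
    node=${1#::ffff:}
    case "$node" in
        *:*) printf '[%s]' "$node" ;;
        *)   printf '%s' "$node" ;;
    esac
}

# Escape backslash and double quote for a quoted curl config-file value.
cfg_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit curl options on stdout; curl reads them with "-K -", so the password
# is never placed on curl's command line.
curl_config() {
    printf 'ntlm\nsilent\ngloboff\nmax-time = 8\n'
    printf 'user = "%s"\n' "$(cfg_escape "${DOMAIN}\\${USER}:${PASSWORD}")"
}

main() {
    node=$(normalize_node "$1")
    port=$2
    pidfile="/var/run/$(basename "$0").${node}_${port}.pid"
    # Kill a previous hung instance, as the Exchange monitor does.
    if [ -f "$pidfile" ]; then
        kill -9 "$(cat "$pidfile")" >/dev/null 2>&1
    fi
    echo "$$" > "$pidfile"
    code=$(curl_config | curl -K - -o /dev/null -w '%{http_code}' \
        "http://${node}:${port}${URI:-/}")
    rm -f "$pidfile"
    # Output on stdout marks the member up; stay silent on any other status.
    if [ "$code" = "${EXPECT:-200}" ]; then
        echo "UP"
    fi
}

# Run only when LTM supplies the IP and port arguments.
if [ $# -ge 2 ]; then main "$@"; fi
```

With an empty match string, a body grep succeeds on any response, including an authentication failure page; comparing the status code avoids marking such a member up.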