Web Browsing Behind ISA Server HOWTO: Method #2 - NTLM Authorization Proxy Server

4. Method #2 - NTLM Authorization Proxy Server

NTLM Authorization Proxy Server is proxy server-like software that just provides NTLM authentication in between your browser and ISA Server, and makes the server believe it's talking to Internet Explorer. It does this by adding NTLM authorization strings to the request headers. It is written in the Python language by Dmitry Rozmanov [nice work dude!]. See www.python.org. Most linux distributions come bundled with a Python interpreter.

4.1 Getting NTLMAPS

The NTLMAPS project home page is located at http://ntlmaps.sourceforge.net/. You can directly go to the download page at http://sourceforge.net/project/showfiles.php?group_id=69259. The recent version at the time of writing this document is 0.9.8.

4.2 Installing NTLMAPS

Once you have downloaded NTLMAPS, you can extract it into the directory of your choice:

        
tar xzvf apsxxx.tar.gz
cd apsxxx

where 'xxx' is the version number.

4.3 Quick Configuration

Load up server.cfg in your favorite editor. Locate the lines:

        
LISTEN_PORT:5865

# If you want APS to authenticate you at WWW servers using NTLM then just leave this
# value blank like PARENT_PROXY: and APS will connect to web servers directly.
# And NOTE that NTLM cannot pass through another proxy server.
PARENT_PROXY:your_parentproxy

PARENT_PROXY_PORT:8080

By default, NTLMAPS listens on port 5865. You can change it to any port number of your choice. You need to replace 'your_parentproxy' with the IP address of your ISA Server. Put ISA Server's web cache port in PARENT_PROXY_PORT.

Now, locate the lines:

        
# Windows Domain.
# NOTE: it is not full qualified internet domain, but windows network domain.
NT_DOMAIN:your_domain

# What user's name to use during authorization. It may differ form real current username.
USER:username_to_use

# Password. Just leave it blank here and server will request it at the start time.
PASSWORD:your_nt_password

You will need to put in your domain name in place of your_domain, user name in place of 'username_to_use' and password in place of 'your_nt_password'. Save the file after editing.

4.4 Running NTLMAPS

Now simply run the file main.py, for example:

        
./main.py

Now the NTLMAPS server is listening.

4.5 Client Side Configuration

In particular, we will use Netscape as an example here.

Start Netscape Communicator.
Click on Edit menu and click Preferences.
Expand 'Advanced' node and click on 'Proxies'; you will see some options on the left.
Click on Manual proxy configuration, then click on the View button.
Put your local host's IP address (127.0.0.1) in the HTTP: box and port where NTLMAPS is listening (5865).
Click on OK to confirm your changes.
You will return back to Preferences dialog.
Click on OK to apply your changes.

Load up a test url in your browser and you will see the web page loads successfully. If you use a different browser then you will need to explore and see how you set it up to work with proxy.

Next Previous Contents