Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
NTLM Authorization Proxy Server is proxy server-like software that just provides NTLM
authentication in between your browser and ISA Server, and makes the server believe
it's talking to Internet Explorer. It does this by adding NTLM authorization strings to the
request headers. It is written in the Python language by Dmitry Rozmanov [nice work
dude!]. See <htmlurl name="www.python.org" url="http://www.python.org">.
Most linux distributions come bundled with a Python interpreter.
<!-- Getting NTLMAPS -->
<sect1>
<heading>Getting NTLMAPS</heading>
<p>
The NTLMAPS project home page is located at <htmlurl name="http://ntlmaps.sourceforge.net/" url="http://ntlmaps.sourceforge.net/">.
You can directly go to the download page at <htmlurl name="http://sourceforge.net/project/showfiles.php?group_id=69259" url="http://sourceforge.net/project/showfiles.php?group_id=69259">. The recent version at the time of writing this document is 0.9.8.
</sect1>
<!-- Installing NTLMAPS -->
<sect1>
<heading>Installing NTLMAPS</heading>
<p>
Once you have downloaded NTLMAPS, you can extract it into the directory of your choice:
<code>
tar xzvf apsxxx.tar.gz
cd apsxxx
where 'xxx' is the version number.
</code>
</sect1>
<!-- Quick Configuration -->
<sect1>
<heading>Quick Configuration</heading>
<p>
Load up <file>server.cfg</file> in your favorite editor. Locate the lines:
<code>
LISTEN_PORT:5865
# If you want APS to authenticate you at WWW servers using NTLM then just leave this
# value blank like PARENT_PROXY: and APS will connect to web servers directly.
# And NOTE that NTLM cannot pass through another proxy server.
PARENT_PROXY:your_parentproxy
PARENT_PROXY_PORT:8080
</code>
By default, NTLMAPS listens on port 5865. You can change it to any port number of
your choice. You need to replace 'your_parentproxy' with the IP address of your
ISA Server. Put ISA Server's web cache port in PARENT_PROXY_PORT.
<p>
Now, locate the lines:
<code>
# Windows Domain.
# NOTE: it is not full qualified internet domain, but windows network domain.
NT_DOMAIN:your_domain
# What user's name to use during authorization. It may differ form real current username.
USER:username_to_use
# Password. Just leave it blank here and server will request it at the start time.
PASSWORD:your_nt_password
</code>
You will need to put in your domain name in place of your_domain, user name in place
of 'username_to_use' and password in place of 'your_nt_password'. Save the file after
editing.
</sect1>
<!-- Running NTLMAPS -->
<sect1>
<heading>Running NTLMAPS</heading>
<p>
Now simply run the file <file>main.py</file>, for example:
<code>
./main.py
</code>
Now the NTLMAPS server is listening.
</sect1>
<!-- Client Side Configuration -->
<sect1>
<heading>Client Side Configuration</heading>
<p>
In particular, we will use Netscape as an example here.
<itemize>
<item> Start Netscape Communicator.
<item> Click on Edit menu and click Preferences.
<item> Expand 'Advanced' node and click on 'Proxies'; you will see some options on the left.
<item> Click on Manual proxy configuration, then click on the View button.
<item> Put your local host's IP address (127.0.0.1) in the HTTP: box and port where NTLMAPS is listening (5865).
<item> Click on OK to confirm your changes.
<item> You will return back to Preferences dialog.
<heading>Appendix - B - Acknowledgments </heading>
<p>
<itemize>
<item> Special thanks to Tabatha Persad (tabatha AT merlinmonroe DOT com) for reviewing and fixing the grammatical, structural, spelling and markup mistakes in this document.
<item> Thanks to Greg Ferguson (gferg AT sgi DOT com), Joy Goodreau (joyg AT us DOT ibm DOT com) for their guidance on submitting this document.
<item> Thanks to Faisal Khatri (fslkhatri AT hotmail DOT com) for verifying the information in this document.