124 lines
4.3 KiB
HTML
124 lines
4.3 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
|
|
<TITLE>Web Browsing Behind ISA Server HOWTO: Method #2 - NTLM Authorization Proxy Server</TITLE>
|
|
<LINK HREF="Web-Browsing-Behind-ISA-Server-HOWTO-5.html" REL=next>
|
|
<LINK HREF="Web-Browsing-Behind-ISA-Server-HOWTO-3.html" REL=previous>
|
|
<LINK HREF="Web-Browsing-Behind-ISA-Server-HOWTO.html#toc4" REL=contents>
|
|
</HEAD>
|
|
<BODY>
|
|
<A HREF="Web-Browsing-Behind-ISA-Server-HOWTO-5.html">Next</A>
|
|
<A HREF="Web-Browsing-Behind-ISA-Server-HOWTO-3.html">Previous</A>
|
|
<A HREF="Web-Browsing-Behind-ISA-Server-HOWTO.html#toc4">Contents</A>
|
|
<HR>
|
|
<H2><A NAME="s4">4. Method #2 - NTLM Authorization Proxy Server</A></H2>
|
|
|
|
<P>NTLM Authorization Proxy Server is proxy server-like software that just provides NTLM
|
|
authentication in between your browser and ISA Server, and makes the server believe
|
|
it's talking to Internet Explorer. It does this by adding NTLM authorization strings to the
|
|
request headers. It is written in the Python language by Dmitry Rozmanov [nice work
|
|
dude!]. See
|
|
<A HREF="http://www.python.org">www.python.org</A>.
|
|
Most linux distributions come bundled with a Python interpreter.
|
|
<P>
|
|
<H2><A NAME="ss4.1">4.1 Getting NTLMAPS</A>
|
|
</H2>
|
|
|
|
<P>The NTLMAPS project home page is located at
|
|
<A HREF="http://ntlmaps.sourceforge.net/">http://ntlmaps.sourceforge.net/</A>.
|
|
You can directly go to the download page at
|
|
<A HREF="http://sourceforge.net/project/showfiles.php?group_id=69259">http://sourceforge.net/project/showfiles.php?group_id=69259</A>. The recent version at the time of writing this document is 0.9.8.
|
|
<H2><A NAME="ss4.2">4.2 Installing NTLMAPS</A>
|
|
</H2>
|
|
|
|
<P>Once you have downloaded NTLMAPS, you can extract it into the directory of your choice:
|
|
<P>
|
|
<HR>
|
|
<PRE>
|
|
|
|
tar xzvf apsxxx.tar.gz
|
|
cd apsxxx
|
|
|
|
where 'xxx' is the version number.
|
|
</PRE>
|
|
<HR>
|
|
<H2><A NAME="ss4.3">4.3 Quick Configuration</A>
|
|
</H2>
|
|
|
|
<P>Load up server.cfg in your favorite editor. Locate the lines:
|
|
<P>
|
|
<HR>
|
|
<PRE>
|
|
|
|
LISTEN_PORT:5865
|
|
|
|
# If you want APS to authenticate you at WWW servers using NTLM then just leave this
|
|
# value blank like PARENT_PROXY: and APS will connect to web servers directly.
|
|
# And NOTE that NTLM cannot pass through another proxy server.
|
|
PARENT_PROXY:your_parentproxy
|
|
|
|
PARENT_PROXY_PORT:8080
|
|
</PRE>
|
|
<HR>
|
|
<P>By default, NTLMAPS listens on port 5865. You can change it to any port number of
|
|
your choice. You need to replace 'your_parentproxy' with the IP address of your
|
|
ISA Server. Put ISA Server's web cache port in PARENT_PROXY_PORT.
|
|
<P>
|
|
<P>Now, locate the lines:
|
|
<P>
|
|
<HR>
|
|
<PRE>
|
|
|
|
# Windows Domain.
|
|
# NOTE: it is not full qualified internet domain, but windows network domain.
|
|
NT_DOMAIN:your_domain
|
|
|
|
# What user's name to use during authorization. It may differ form real current username.
|
|
USER:username_to_use
|
|
|
|
# Password. Just leave it blank here and server will request it at the start time.
|
|
PASSWORD:your_nt_password
|
|
</PRE>
|
|
<HR>
|
|
<P>You will need to put in your domain name in place of your_domain, user name in place
|
|
of 'username_to_use' and password in place of 'your_nt_password'. Save the file after
|
|
editing.
|
|
<P>
|
|
<H2><A NAME="ss4.4">4.4 Running NTLMAPS</A>
|
|
</H2>
|
|
|
|
<P>Now simply run the file main.py, for example:
|
|
<P>
|
|
<HR>
|
|
<PRE>
|
|
|
|
./main.py
|
|
</PRE>
|
|
<HR>
|
|
|
|
<P>Now the NTLMAPS server is listening.
|
|
<H2><A NAME="ss4.5">4.5 Client Side Configuration</A>
|
|
</H2>
|
|
|
|
<P>In particular, we will use Netscape as an example here.
|
|
<P>
|
|
<UL>
|
|
<LI> Start Netscape Communicator.</LI>
|
|
<LI> Click on Edit menu and click Preferences.</LI>
|
|
<LI> Expand 'Advanced' node and click on 'Proxies'; you will see some options on the left.</LI>
|
|
<LI> Click on Manual proxy configuration, then click on the View button.</LI>
|
|
<LI> Put your local host's IP address (127.0.0.1) in the HTTP: box and port where NTLMAPS is listening (5865).</LI>
|
|
<LI> Click on OK to confirm your changes.</LI>
|
|
<LI> You will return back to Preferences dialog.</LI>
|
|
<LI> Click on OK to apply your changes.</LI>
|
|
</UL>
|
|
<P>Load up a test url in your browser and you will see the web page loads successfully. If you use a different browser
|
|
then you will need to explore and see how you set it up to work with proxy.
|
|
<HR>
|
|
<A HREF="Web-Browsing-Behind-ISA-Server-HOWTO-5.html">Next</A>
|
|
<A HREF="Web-Browsing-Behind-ISA-Server-HOWTO-3.html">Previous</A>
|
|
<A HREF="Web-Browsing-Behind-ISA-Server-HOWTO.html#toc4">Contents</A>
|
|
</BODY>
|
|
</HTML>
|