Install and Configure NTLMAPS to Access ISA Server

On August 16, 2010 by wingloon With 6 Comments - Linux

This blog post describes how to install and configure NTLM Authorization Proxy Server (NTLMAPS) 0.9.9.0.1 in CentOS 5.5 connected to a Microsoft ISA server which enable your web browsing capability. Decide to write this simple blog post because I am experiencing road block while browsing website in a Linux box.

Pre-requisite
Python language interpreter version 1.5.2 or higher.

Getting NTLMAPS
Download the current stable version ntlmaps-0.9.9.0.1.tar.gz source file from ntlmaps.sourceforge.net

Install NTLMAPS
Run the command below to extract downloaded file to a target directory: -
tar xvfz ntlmaps-0.9.9.0.1.tar.gz -C /usr/local/bin

Run the command below to create a symbolic link: –
ln -s /usr/local/bin/ntlmaps-0.9.9.0.1 /usr/local/bin/ntlmaps

Run the command below to backup the NTLMAPS configuration file: -
cp -a /usr/local/bin/ntlmaps/server.cfg /usr/local/bin/ntlmaps/server.cfg-default

Run the command below to edit the NTLMAPS configuration file: -
vi /usr/local/bin/ntlmaps/server.cfg

Configure NTLMAPS
By default NTLMAPS listen on port 5865, you can change it to any port you preferred. I leave it as default. Remember to save the configuration file after modifying it as below (an example only): -
LISTEN_PORT:5865
PARENT_PROXY:your.isa.server.name
PARENT_PROXY_PORT:your.isa.server.port
ALLOW_EXTERNAL_CLIENTS:1
FRIENDLY_IPS:your.client.ip1 your.client.ip2
NT_HOSTNAME:your.ntlmaps.server.name
NT_DOMAIN:your.domain
USER:your.nt.username
PASSWORD:your.nt.password
LM_PART:1
NT_PART:1
NTLM_FLAGS: 07820000

Start NTLMAPS
Run the command below to start NTLMAPS: -
/usr/local/bin/ntlmaps/main.py -c /usr/local/bin/ntlmaps/server.cfg &

System Wide Configuration
You can setup the proxy environment in /etc/profile as global variable as below (tested with curl,elinks,lynx and wget): -
export http_proxy=http://127.0.0.1:5865

GUI Web Browser Configuration
You can use the following information to configure in your GUI web browser: -
Proxy IP address: 127.0.0.1
Proxy IP address: 5865

If you found these helpful, please contribute to help:

6 Comments

  1. blusmurf July 30, 2011

    You still can use http_proxy to authenticate your NT domain ID to the ISA server

    export http_proxy=”http://domain\NT:password@proxyserver:port”

  2. wingloon August 4, 2011

    blusmurf, thank you for the tips.

  3. Samsul February 4, 2012

    I really must thanks for this ‘simple and very, ..’ thank you. It’s helpfull.

  4. wingloon February 8, 2012

    Welcome Samsul :)

  5. leonsmit2003 June 6, 2012

    How do you start the ntlmaps “service” on startup?
    btw i’m using Centos 6

  6. wingloon June 6, 2012

    leonsmit2003, you can include the line /usr/local/bin/ntlmaps into /etc/rc.d/rc.local