Install and Configure NTLMAPS to Access ISA Server

Aug 16

wingloonLinux 4 Comments

This blog post describes how to install and configure NTLM Authorization Proxy Server (NTLMAPS) 0.9.9.0.1 in CentOS 5.5 connected to a Microsoft ISA server which enable your web browsing capability. Decide to write this simple blog post because I am experiencing road block while browsing website in a Linux box.

Pre-requisite
Python language interpreter version 1.5.2 or higher.

Getting NTLMAPS
Download the current stable version ntlmaps-0.9.9.0.1.tar.gz source file from ntlmaps.sourceforge.net

Install NTLMAPS
Run the command below to extract downloaded file to a target directory: -
tar xvfz ntlmaps-0.9.9.0.1.tar.gz -C /usr/local/bin

Run the command below to create a symbolic link: –
ln -s /usr/local/bin/ntlmaps-0.9.9.0.1 /usr/local/bin/ntlmaps

Run the command below to backup the NTLMAPS configuration file: -
cp -a /usr/local/bin/ntlmaps/server.cfg /usr/local/bin/ntlmaps/server.cfg-default

Run the command below to edit the NTLMAPS configuration file: -
vi /usr/local/bin/ntlmaps/server.cfg

Configure NTLMAPS
By default NTLMAPS listen on port 5865, you can change it to any port you preferred. I leave it as default. Remember to save the configuration file after modifying it as below (an example only): -
LISTEN_PORT:5865
PARENT_PROXY:your.isa.server.name
PARENT_PROXY_PORT:your.isa.server.port
ALLOW_EXTERNAL_CLIENTS:1
FRIENDLY_IPS:your.client.ip1 your.client.ip2
NT_HOSTNAME:your.ntlmaps.server.name
NT_DOMAIN:your.domain
USER:your.nt.username
PASSWORD:your.nt.password
LM_PART:1
NT_PART:1
NTLM_FLAGS: 07820000

Start NTLMAPS
Run the command below to start NTLMAPS: -
/usr/local/bin/ntlmaps/main.py -c /usr/local/bin/ntlmaps/server.cfg &

System Wide Configuration
You can setup the proxy environment in /etc/profile as global variable as below (tested with curl,elinks,lynx and wget): -
export http_proxy=http://127.0.0.1:5865

GUI Web Browser Configuration
You can use the following information to configure in your GUI web browser: -
Proxy IP address: 127.0.0.1
Proxy IP address: 5865

If you found these helpful, please contribute to help:

4 Comments (+add yours?)

  1. blusmurf
    Jul 30, 2011 @ 17:23:00

    You still can use http_proxy to authenticate your NT domain ID to the ISA server

    export http_proxy=”http://domain\NT:password@proxyserver:port”

  2. wingloon
    Aug 04, 2011 @ 19:09:47

    blusmurf, thank you for the tips.

  3. Samsul
    Feb 04, 2012 @ 22:31:36

    I really must thanks for this ‘simple and very, ..’ thank you. It’s helpfull.

  4. wingloon
    Feb 08, 2012 @ 17:13:56

    Welcome Samsul :)

Leave a Reply