[Xymon] NTLM Authentication

Thomas Leavitt thomleavitt at gmail.com
Tue Mar 22 22:02:13 CET 2016


I have a web app (trac) that back ends to Active Directory via NTLM, and
would like to test that the actual login functionality is working... has
anyone done this? I found a script that does NTLM to a proxy for external
connectivity checks, and figured out that curl can do NTLM, so I have
"curl", on its own, able to successfully authenticate (using a privilege
stripped account).

Question: is the authentication to the web app done in the clear when the
URL is of the form http:// as below... the Windows guys state that

Two: does anyone have a pre-written script?

I'm planning to integrate the following command, and adapt the referenced
script... which I guess would function as an external plugin, so to speak.

curl --ntlm -u 'DOMAIN\account:password' -s -S -L -I \
    http://host.example.com/trac/login -m 30 -w 'Seconds:     %{time_total}\n'

Note: script hasn't yet been adapted

#!/bin/sh
# Xymon external script: fetch a URL through an authenticating proxy.
# $GREP, $SED, $BB and $BBDISP come from the Xymon environment.

TESTHOST=www.google.com
TESTURL=http://$TESTHOST/

TIMEOUT=30

# Grab *just* the headers, simulating Xymon's builtin http check
RAW=`curl -x http://ourproxy.ourdomain.com:8080 \
    --proxy-anyauth -U hobbituser:hobbitpassword \
    -m $TIMEOUT \
    -w 'Seconds:     %{time_total}\n' \
    -s -S -L -I $TESTURL`

# Test curl's own exit status; after a pipeline, $? would be grep's
if [ "$?" -eq "0" ]; then
 COLOR=green
else
 COLOR=red
fi

# Keep cookies out of the status message
MESSAGE=`echo "$RAW" | $GREP -v Set-Cookie`

# convert dots to commas in the hostname
MACHINE=`echo $TESTHOST | $SED -e 's/\./\,/g'`

$BB $BBDISP "status $MACHINE.home $COLOR `date`

$MESSAGE"

If someone else has already done that, great.

Thomas

P.S. the alternative to NTLM is connecting via LDAP to AD servers that
don't have LDAPS enabled (yet), which I'd rather not do.
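
Added example, not part of the original post and not Xymon's own code: one way the script above could be adapted to the NTLM login check. curl exits 0 even when the server answers 401, so the color is derived from the last HTTP status in the header dump as well as from curl's exit code. The config file path, the "traclogin" column name and the host are assumptions.

```shell
#!/bin/sh
# Added example: Xymon external test for an NTLM-protected trac login.
# Assumed names: TESTHOST, the NTLM_CONF path, the "traclogin" column.
TESTHOST=host.example.com
TESTURL=http://$TESTHOST/trac/login
TIMEOUT=30
# Assumed curl config file (mode 0600) holding one line:
#   user = "DOMAIN\\account:password"
# Keeps the password out of the process list, unlike -u on the command line.
NTLM_CONF=${NTLM_CONF:-/etc/xymon/trac-ntlm.curlrc}

# Status code of the LAST response in a header dump. The NTLM handshake
# shows one or more 401 responses before the real answer.
final_status() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk '/^HTTP\// { code = $2 } END { print code }'
}

# curl exits 0 on a 401 (no --fail given), so the color must come from the
# final HTTP status as well as from curl's exit code.
login_color() {
    [ "$1" -eq 0 ] || { echo red; return; }
    case "$2" in
        2??)        echo green ;;
        401|403|"") echo red ;;
        *)          echo yellow ;;
    esac
}

run_check() {
    HEADERS=`curl --ntlm -K "$NTLM_CONF" -m $TIMEOUT -s -S -L -I \
        -w 'Seconds:     %{time_total}\n' "$TESTURL" 2>&1`
    RC=$?
    CODE=`final_status "$HEADERS"`
    COLOR=`login_color "$RC" "$CODE"`
    MACHINE=`echo $TESTHOST | sed -e 's/\./,/g'`
    # Never forward cookies or NTLM challenge blobs to the Xymon display.
    MESSAGE=`printf '%s\n' "$HEADERS" |
        grep -v -i -e '^Set-Cookie' -e '^WWW-Authenticate'`
    $BB $BBDISP "status $MACHINE.traclogin $COLOR `date`
curl exit: $RC, final HTTP status: ${CODE:-none}

$MESSAGE"
}

# Xymon sets BB and BBDISP for scripts it launches; do nothing elsewhere.
if [ -n "$BB" ] && [ -n "$BBDISP" ]; then run_check; fi
```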