vADC Forum

Reply
Contributor
Posts: 27
Registered: ‎05-08-2013
Accepted Solution

How can I pass NTLM headers in a health monitor test?

I have a bunch of web servers serving an internal intranet. I would like to configure a health monitor that makes a connection to the machine, and effectively logs onto the web server by passing in the NTLM authentication credentials.

If this check is OK, then the server remains in the pool; if this check fails 3 times in a row, server is removed from the pool.

How can I do this?

Frequent Contributor
Posts: 321
Registered: ‎11-29-2012

Re: How can I pass NTLM headers in a health monitor test?

You can't do this with the built-in Health Monitors (Feature Brief: Health Monitoring in Stingray Traffic Manager), but you can create a custom health monitor to do this.

There's a good selection of perl, python, ruby and other implementations of NTLM-aware client libraries you can use, but here's a health monitor that just uses wget, so you can run in on the Stingray Virtual Appliance.


#!/bin/bash



# Process the health monitor arguments


args=( $@ );


for (( i=0; $i < $# ; i++ ))


do


  [[ "${args[$i]}" =~ --ipaddr= ]] && ipaddr=${args[$i]#*=} && continue


  [[ "${args[$i]}" =~ --port= ]]  && port=${args[$i]#*=} && continue


  [[ "${args[$i]}" =~ --node= ]]  && node=${args[$i]#*=} && continue


  [[ "${args[$i]}" =~ --host= ]]  && host=${args[$i]#*=} && continue


  [[ "${args[$i]}" =~ --path= ]]  && path=${args[$i]#*=} && continue


  [[ "${args[$i]}" =~ --user= ]]  && user=${args[$i]#*=} && continue


  [[ "${args[$i]}" =~ --pass= ]]  && pass=${args[$i]#*=} && continue


  [[ "${args[$i]}" =~ --verbose ]] && verbose="--verbose" && continue


  [[ "${args[$i]}" =~ --failures_left= ]] && failures_left=${args[$i]#*=} && continue


done



# Path and Host header are optional. If we don't have them, set defaults.


[ -z "$path" ] && path="/"


[ -z "$host" ] && host="$node:$port"



# Disable verbose output if not requested.


[ -z "$verbose" ] && verbose=""



# All server headers and body are stored in the output variable.


output=$( wget "--header=Host: $host" --http-user="$user" --http-passwd="$pass" \


  $verbose -O - -S http://$ipaddr:$port$path 2>&1 )



[ $verbose ] && echo $output



# The output will have a few 401, and at least 1 200 response code if we authenticated.


echo $output | grep "HTTP/1.1 200 OK" > /dev/null


result=$?



[ $result -ne 0 ] && echo $output >&2



exit $result


It's a while since I've tested this, so please first give it a go from the command line and verify that it works:


$ ./ntlmtest.sh --ipaddr=1.1.1.1 --port=80 --node=www.foo.com \


    --host=www.foo.com --path=/wibble --user=owen --pass=mememe \


    --verbose --failures_left=2


$ echo $?


If the monitor was successful, then echo $? should print '0'.

When you install this as a custom health monitor, you'll need to add the following parameters:

  • host (optional): the host header to use in the request; otherwise, we'll guess it from the node's name and port
  • path (optional): defaults to '/'
  • user: the NTLM username
  • pass: the NTLM password

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.