I have a web app (trac) that back ends to Active Directory via NTLM, and would like to test that the actual login functionality is working... has anyone done this? I found a script that does NTLM to a proxy for external connectivity checks, and figured out that curl can do NTLM, so I have "curl", on its own, able to successfully authenticate (using a privilege stripped account).
Question: is the authentication to the web app done in the clear when the URL is of the form http:// as below... the Windows guys state that
Two: does anyone have a pre-written script?
I'm planning to integrate the following command, and adapt the referenced script... which I guess would function as an external plugin, so to speak.
curl --ntlm -u 'DOMAIN\account:password' -s -S -L -I http://host.example.com/trac/login -m 30 -w 'Seconds: %{time_total}\n'
Note: script hasn't yet been adapted
#!/bin/sh
TESTHOST=www.google.com
TESTURL=http://$TESTHOST/
TIMEOUT=30

# Grab *just* the headers, simulating Xymon's builtin http check
MESSAGE=`curl -x http://ourproxy.ourdomain.com:8080 \
    --proxy-anyauth -U hobbituser:hobbitpassword \
    -m $TIMEOUT \
    -w 'Seconds: %{time_total}\n' \
    -s -S -L -I $TESTURL`
# Test curl's own exit status here, before the output is filtered
if [ "$?" -eq "0" ]; then
    COLOR=green
else
    COLOR=red
fi
MESSAGE=`echo "$MESSAGE" | $GREP -v Set-Cookie`

# convert dots to commas in the hostname
MACHINE=`echo $TESTHOST | $SED -e 's/\./\,/g'`

$BB $BBDISP "status $MACHINE.home $COLOR `date`
$MESSAGE"
If someone else has already done that, great.
Thomas
P.S. the alternative to NTLM is connecting via LDAP to AD servers that don't have LDAPS enabled (yet), which I'd rather not do.
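
The adaptation asked about above, as an added example that is not part of the original post and is not Xymon's own code: the `curl --ntlm` login check reports to Xymon while reading the account from a private curl config file instead of the command line. The credential-file path, the `traclogin` test name and the color policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: Xymon external test for an NTLM-protected login URL.
TESTHOST=host.example.com
TESTURL=http://$TESTHOST/trac/login
TIMEOUT=30
# Hypothetical path. The file holds one line:  user = "DOMAIN\\account:password"
# so the credential never appears in the process list or in this script.
CURLCFG=${CURLCFG:-/etc/xymon/trac-ntlm.curlrc}

# Succeed only if the credential file exists and is private to its owner.
cfg_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Map curl's exit status ($1) and the final HTTP code ($2) to a Xymon color.
login_color() {
    [ "$1" -eq 0 ] || { echo red; return; }   # timeout, DNS, refused, ...
    case "$2" in
        2??)     echo green ;;    # NTLM handshake completed, page served
        401|403) echo red ;;      # account rejected
        *)       echo yellow ;;   # anything else (policy choice of this example)
    esac
}

# Xymon expects the dots in a hostname to be sent as commas.
xymon_host() { echo "$1" | sed -e 's/\./,/g'; }

# Print "<color> <detail>" for the login URL.
run_check() {
    cfg_is_private "$CURLCFG" ||
        { echo "red $CURLCFG is missing or not mode 0600/0400"; return; }
    OUT=$(curl --ntlm -K "$CURLCFG" -s -S -L -I -o /dev/null -m $TIMEOUT \
        -w '%{http_code} Seconds: %{time_total}' "$TESTURL" 2>&1)
    RC=$?
    echo "$(login_color "$RC" "${OUT%% *}") HTTP $OUT"
}

# Xymon sets BB and BBDISP for external scripts; do nothing without them.
if [ -n "$BB" ] && [ -n "$BBDISP" ]; then
    RESULT=$(run_check)
    $BB $BBDISP "status $(xymon_host $TESTHOST).traclogin ${RESULT%% *} $(date)
${RESULT#* }"
fi
```

NTLM is a challenge-response scheme, so the password itself does not cross the wire on an http:// URL, but the exchange and everything that follows it are unencrypted; point TESTURL at https:// where the server offers it.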