Apache reverse proxy NTLM

deibel used Ask the Experts™
Hi experts,

we successfully built a reverse proxy for Exchange including rpc module for Outlook anywhere.
We read, that NTLM auth can't be transparent through the Proxy because it authenticates the tcp session rather than the http session. A solution for the out of Office assistant shall be to enable Basic authentication in IIS Manager.

so far so good

We then tried serving the GFI Mailarchiver Website through our proxy. GFI uses NTLM as well and is hosted on an IIS in our Network. Unfortunately, when opening IISmanager/authentication, we cannot simply activate Basic authentication, because it is not listed as an option there.

We then read about a mod_auth_ntlm_winbind, which might have something to do with samba.
To be honest, we don't really understand how to install and use this module on a Ubuntu/Apache2 Plattform.

Do we need to have samba installed on the machine to get this working?
We only want to use the machine as a http/https reverse proxy in our DMZ.

If samba needs to be installed, does the machine Need to be a domain-member of the target domain?
There it goes. We want to use the proxy for different domains that have nothing to do with each other.

Has anyone successfully built an Apache2 reverse proxy with auth_ntlm_winbind and can help us to add the NTLM Support?

Thanks in advance
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2016
go into the add/remove windows components and add basic authentication
iis security features


tadaa, that worked!
Thank you.

But from authentication i stumbled into the next Problem with a aspx site.
But I'll open a new ticket for that


Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial