NTLM Authentication to Backend (Windows IIS)

I am trying to determine how to do a health check against backend servers in HAProxy with NTLM authentication (Windows IIS servers). As I understand, it is ‘multistage’ in that it will do a ‘basic’ auth first, return a 401, and then try again with different headers.

This is baked into the http monitor in f5’s BIGIP as I recently learned, it tries basic auth first, and then failing that attempts NTLM. Is there a way to mimick this in HA-Proxy?

The external health check might be one way, obviously in theory it allows you to script whatever check you want!

I can imagine how it might be done for sure.

If HAProxy has a better way I’ll let others weigh in…

on which plattform do you run HAProxy? Linux?

You can use msnt_auth from Samba


add this to you health-check script.


1 Like