At some point you may find yourself at a company that uses a Microsoft ISA proxy server. ISA is proprietary proxy server created by Microsoft that uses their own methods for authentication, making it difficult to integrate other operating systems. Microsoft decided to make it difficult for people to integrate by not using standard proxy protocols. Luckily there is a solution for Linux users.

By using NTLMAPS on your Linux box you can prevent your software from having to authenticate every time you want to get on the web. NTLMAPS is an ISA-Standard pass-through proxy server written in python that authenticates your connection for you in one spot, preventing you from having to enter your password in all the Internet software you use. This also includes command lines tools such as Links, Emerge and some other tools.

You’re going to want to download the latest version of Python before installing NTLMAPS. When you uncompress the software you’ll see a server.cfg file. Some of the variables are confusing, or at least they used to be, so I’ll write a quick description of them here.

LISTEN_PORT: 5865 – The port you will connect to from your applications.
PARENT_PROXY_PORT: 8080 – The port of the ISA proxy server.
PARENT_PROXY: 192.168.1.1 – The IP or host of the ISA proxy server
NT_DOMAIN: Workgroup – This is the domain of your network. Most ISA server will be using this so you’ll want to at least try it if you’re having problems.

The rest of the options in the NTLMAPS server.cfg file are pretty self explanatory. Using NTLMAPS I was able to install Gentoo Linux from behind a Microsoft ISA Proxy Server. Most everything went pretty smooth after setting the http_proxy and ftp_proxy environment variables.

To sum things up, if you need to connect through a Microsoft ISA Proxy server, but you want to use standard proxy information in your applications, check out NTLMAPS.