cntlm enterprise proxy

Linux

$ apt-get update
$ apt-get install cntlm

Sample Configuration:

#
# Cntlm Corporate Authentication Proxy Configuration
# Olivier HO-A-CHUCK (olivier hoachuck at gmail dot com)
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#

Username <my corporate proxy server login>
Domain       <my corporate domain>
#Password    password
# NOTE: Use plaintext password only at your own risk
# Use hashes instead. You can use a "cntlm -M" and "cntlm -H"
# command sequence to get the right config for your environment.
# See cntlm man page
# Example secure config shown below.
# PassLM          1AD35398BE6565DDB5C4EF70C0593492
# PassNT          77B9081511704EE852F94227CF48A793
### Only for user 'testuser', domain 'corp-uk'
# PassNTLMv2      D5826E9C665C37C80B53397D5C07BBCB
PassLM          4C9BAEACD84894427BB0A43F5159B60C
PassNT          92F6BCD672935B05CD5404E8D21EF0CB
PassNTLMv2      19A143B36404B9D97037AEA529481D78    # Only for user '<proxy user login>', domain '<corporate domain>'

# Specify the netbios hostname cntlm will send to the parent
# proxies. Normally the value is auto-guessed.
#
# Workstation    netbios_hostname

# List of parent proxies to use. More proxies can be defined
# one per line in format <proxy_ip>:<proxy_port>
#
#Proxy       10.0.0.41:8080
#Proxy       10.0.0.42:8080
# MY CORPORATE PROXY
Proxy        <corporate proxy IP>:8080
Proxy        <corporate proxy IP>:8080

# List addresses you do not want to pass to parent proxies
# * and ? wildcards can be used
#
NoProxy      localhost, 127.0.0.*, 10.*, 192.168.*

# Specify the port cntlm will listen on
# You can bind cntlm to specific interface by specifying
# the appropriate IP address also in format <local_ip>:<local_port>
# Cntlm listens on 127.0.0.1:3128 by default
#
Listen       3128

# If you wish to use the SOCKS5 proxy feature as well, uncomment
# the following option. It can be used several times
# to have SOCKS5 on more than one port or on different network
# interfaces (specify explicit source address for that).
#
# WARNING: The service accepts all requests, unless you use
# SOCKS5User and make authentication mandatory. SOCKS5User
# can be used repeatedly for a whole bunch of individual accounts.
#
#SOCKS5Proxy 8010
#SOCKS5User  dave:password

# Use -M first to detect the best NTLM settings for your proxy.
# Default is to use the only secure hash, NTLMv2, but it is not
# as available as the older stuff.
#
# This example is the most universal setup known to man, but it
# uses the weakest hash ever. I won't have its usage on my
# conscience. :) Really, try -M first.
#
#Auth        LM
#Flags       0x06820000

# Enable to allow access from other computers
#
#Gateway yes

# Useful in Gateway mode to allow/restrict certain IPs
# Specify individual IPs or subnets one rule per line.
#
#Allow       127.0.0.1
#Deny        0/0

# GFI WebMonitor-handling plugin parameters, disabled by default
#
#ISAScannerSize     1024
#ISAScannerAgent    Wget/
#ISAScannerAgent    APT-HTTP/
#ISAScannerAgent    Yum/

# Headers which should be replaced if present in the request
#
#Header      User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

# Tunnels mapping local port to a machine behind the proxy.
# The format is <local_port>:<remote_host>:<remote_port>
# 
#Tunnel      11443:remote.com:443

Change a few lines:

Username  xxxxxxx
Domain    hbxx
...
PassLM          66D12E7B1A03E90337E9981628C73A26
PassNT          BFBEB2CE1CF0D456FE419D98F1AC1B49
PassNTLMv2      F8EFD9A86065BAEF56FEDCBD2BF72FE0    # Only for user 'xxxxxxxx', domain 'hbxx'
...
# MY CORPORATE PROXY
# my.corp.proxy
Proxy     130.36.43.26:8080

Generate the hash

$ cntlm -H -c /usr/local/etc/cntlm.conf 
Password: 
PassLM          4C9BAEACD84894427BB0A43F5159B60C
PassNT          92F6BCD672935B05CD5404E8D21EF0CB
PassNTLMv2      19A143B36404B9D97037AEA529481D78    # Only for user '<proxy user login>', domain '<corporate domain>'

Test connection

$ cntlm -I -M http://google.com

If everything is fine, run

$ cntlm # will run in background as a daemon
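
The warnings in the sample configuration's comments (plaintext password and 0600 permissions, SOCKS5 without SOCKS5User, Auth LM, Gateway mode) can be checked before the daemon is left running. The Python script below is an added example, not part of cntlm or of the original page; the function names, the finding texts and the config in WEAK are constructed for illustration, and applying the 0600 rule to the Pass* hashes as well is this example's assumption.

```python
import os
import stat
import tempfile

# Constructed sample config making each mistake the config comments warn about.
WEAK = "Password example-password\nSOCKS5Proxy 8010\nAuth LM\nGateway yes\n"

def parse(text):
    """Yield (keyword, value) for active lines, skipping '#' comments."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), (parts[1] if len(parts) > 1 else "")

def audit(path):
    """Return a list of warnings for the cntlm config file at path."""
    with open(path) as fh:
        conf = list(parse(fh.read()))
    keys = {k for k, _ in conf}
    first = lambda name: [v.split()[0].lower() for k, v in conf if k == name and v]
    findings = []
    if "password" in keys:
        findings.append("plaintext Password: use cntlm -H hashes")
    # The page asks for 0600 with a plaintext password; this example applies
    # the same rule to the Pass* hashes (assumption: treat them as secrets).
    secrets = keys & {"password", "passlm", "passnt", "passntlmv2"}
    if secrets and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("credentials readable by group/other: chmod 0600")
    if "socks5proxy" in keys and "socks5user" not in keys:
        findings.append("SOCKS5Proxy without SOCKS5User accepts all requests")
    if any(a != "ntlmv2" for a in first("auth")):
        findings.append("Auth is not NTLMv2")
    if "yes" in first("gateway") and "deny" not in keys:
        findings.append("Gateway yes without a Deny rule")
    return findings

def audit_text(text, mode):
    """Write text to a temp file with the given permissions and audit it."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return audit(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    for finding in audit_text(WEAK, 0o644):
        print("WARN:", finding)
```

To check a real file, call audit() with its path, for example audit("/usr/local/etc/cntlm.conf").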

Ubuntu

Install cntlm offline

$ dpkg -i cntlm_0.92.3_amd64.deb

Windows

Download: http://cntlm.sourceforge.net/

Content of start_cntlm.bat

cd c:\the_install_directory_of_cntlm
cntlm -v -f -c "cntlm.ini"

Start CNTLM service.

> npm config set proxy http://localhost:53128
> npm config set https-proxy http://localhost:53128
> npm config set registry http://registry.npmjs.org

> npm install express

Ref: [Windows 7] CNTLM and NPM behind NTLM proxy

Usage Example

$ export http_proxy=http://localhost:3128
$ export https_proxy=http://localhost:3128 # cntlm's local listener speaks plain HTTP, also for HTTPS traffic

$ git clone http://github.com/MugunthKumar/MKNetworkKit.git

Stop cntlm

It was found that the command below does not work. No idea why.

$ service cntlm stop
gltcits@ubuntu:~/cntlm$ netstat -tulpn
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN      7937/cntlm      
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -               
udp        0      0 0.0.0.0:54623           0.0.0.0:*                           -               
udp        0      0 127.0.1.1:53            0.0.0.0:*                           -               
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -               
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -               
udp        0      0 0.0.0.0:631             0.0.0.0:*                           -               
udp6       0      0 :::5353                 :::*                                -               
udp6       0      0 :::53804                :::*    

PID: 7937

# kill it
$ kill 7937
