Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Cntlm Ubuntu Download
80 views
Skip to first unread message
Rosy Felde
Dec 31, 2023, 2:14:53 AM12/31/23
to
I am trying to setup cntlm on ubuntu13 for NTLM authentication. I used apt-get install to setup ctlm. My cntlm.conf file in the etc directory is copied below - the username/domain and password are correct (I have tested them with a different application). However, when I try to start cntlm via /etc/init.d/ntlm start (or restart), it always fails with the error message copied at the end. Any suggestions to fix or troubleshoot this will be greatly appreciated.
cntlm ubuntu download
Download File https://t.co/8H4rHKEvO9
Updatecntlm appears to be running on port 3128. I pointed IE to use the proxy on the correct IP address and port number - however, the connection times out. Any suggestions on troubleshooting this wil be appreciated.
I've just installed ubuntu 18.4 on my server. As we are behind a firewall so I need a proxy. Linux and my company's proxy do not work together, therefore I've installed cntlm on one computer. This service has a proper authentification on our companies proxy. Then I tried to get this cntlm-proxy from my server.
Thank you very much. With no connection to the internet as such I tried to use the cntlm service running on my windows client and trying to address this Service from my ubuntu server. This did not work. I did download the cntlm somewhere else and then installed it directly on the ubuntu server. Using your explanation, and after rebooting the system it finaly worked.
Here comes Cntlm. It stands between your applications and the corporate proxy,adding NTLM authentication on-the-fly. You can specify several "parent" proxiesand Cntlm will try one after another until one works. All auth'd connectionsare cached and reused to achieve high efficiency. Just point your apps proxysettings at Cntlm, fill in cntlm.conf (cntlm.ini) and you're ready to do. Thisis useful on Windows, but essential for non-Microsoft OS's.
WARNING: please understand that any unannounced versions on the FTP are forinternal/development purposes only, usually beta testing. Until properlyadvertised on the official homepage, , and uploadedto sourceforge.net archives, it is to be considered highly unstable and oughtto be replaced by the final build when available.Configuration hintsAfter installation, you have to locate the configuration file. The defaultfor Linux packages is /etc/cntlm.conf, for locally compiled sourcedistribution ("./configure; make; make install") it's /usr/local/etc/cntlm.confand for Windows installer it's %PROGRAMFILES%\Cntlm\cntlm.ini (usuallyX:\Program Files\Cntlm\cntlm.ini, where X is your system drive).
Next, we need to find out which NTLM dialect your proxy understands. It's ajungle out there and it can be quite challenging (i.e. boooring) to find aworking NTLM setup - thank Bill. Good thing Cntlm has this magic switch to doit for you - thank me. :) Save the configuration and run the following command;when asked, enter your proxy access password:$ cntlm -I -M Config profile 1/11... OK (HTTP code: 200)Config profile 2/11... OK (HTTP code: 200)Config profile 3/11... OK (HTTP code: 200)Config profile 4/11... OK (HTTP code: 200)Config profile 5/11... OK (HTTP code: 200)Config profile 6/11... Credentials rejectedConfig profile 7/11... Credentials rejectedConfig profile 8/11... OK (HTTP code: 200)Config profile 9/11... OK (HTTP code: 200)Config profile 10/11... OK (HTTP code: 200)Config profile 11/11... OK (HTTP code: 200)----------------------------[ Profile 0 ]------Auth NTLMv2PassNTLMv2 4AC6525378DF8C69CF6B6234532943AC------------------------------------------------You see, NTLMv2 - I told you to use it, now it's official. :)BTW, here you can see all tests running - it's just for demonstration purposes.Normal version finishes when it finds the first (i.e. most secure) workingsetup.
Hi,
Moved to Arch on VMware after getting fed up with the bloated distro that starts with 'U'. Spent a day setting everything up, which made me feel like 2002. Then got stumped with internet access at work.
Internet (wired/wireless) works fine at home, wired doesn't work at work (no wireless). ping complains of unknown host. Followed Network configuration and dhcpcd, didn't help. Of course installed and configured cntlm. 'U' distro connects to internet fine and as far as I compared, has the same settings (/etc/hosts, /etc/cntlm.conf, .bashrc)
So once cntlm listens on all interface you can give the ip address of your machines interface that is connected to your office network as the proxy host. As the machine created using docker-machine has a virtualbox nat interface, it can connect to cntlm without any issues.
Say my laptop running virtualbox and cntlm has three IPs: 127.0.0.1 (lo0), 192.168.10.55 (en0), and 192.168.99.1 (vboxnet1). The exact IPs and interface names will vary with the exact setup, so double check yours using ifconfig.
Quoted from the official ctnlm sourceforge.net Website: "Cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft proprietary world. You can use a free OS and honor our noble idea, but you can't hide. Once you're behind those cold steel bars of a corporate proxy server requiring NTLM authentication, you're done with. The same even applies to 3rd party Windows applications, which don't support NTLM natively.Here comes Cntlm. It stands between your applications and the corporate proxy, adding NTLM authentication on-the-fly. You can specify several "parent" proxies and Cntlm will try one after another until one works. All auth'd connections are cached and reused to achieve high efficiency. Just point your apps proxy settings at Cntlm, fill in cntlm.conf (cntlm.ini) and you're ready to do. This is useful on Windows, but essential for non-Microsoft OS's.Cntlm integrates TCP/IP port forwarding (HTTP tunneling), SOCKS5 proxy mode, standalone proxy allowing you to browse intranet as well as Internet and to access corporate web servers with NTLM protection. There are many advanced features like NTLMv2 support, password protection, password hashing, completely mutliplatform code (running on just about every architecture and OS out there) and so much more. Cntlm eats up so little resources it can be used on embedded platforms as well - it's written in plain C without any external dependencies.Cntlm has been tested against various ISA servers, WinGate, NetCache, Squid and Tinyproxy with and without NTLM auth."About this tutorialThis tutorial assumes you have a clean install of Debian 7. 1. Install CNTLMUpdate your sources:apt-get updateUpdate your installation:apt-get upgradeInstall application:apt-get install cntlm 2. Configure CNTLMOnce installed edit the configuration file:nano /etc/cntlm.confSet username, domain, remote proxy, and address with port which local proxy will listen to. Here will listen only in local interface:Username testuserDomain contoso.comProxy 10.0.0.41:8080Listen 127.0.0.1:3128Generate password hash:cntlm -HYou will see something like this:Password:PassLM 7F4BB72132BAA2A01FA94BD623A70D3BPassNT 2C27BB146F74625D159413FC1F30745FPassNTLMv2 D3972609581D8260868ED588303F0FF0 # Only for user 'testuser', domain 'contoso'Copy these lines to /etc/cntlm.conf 3. Configure Debian to use the CNTLM proxy:Execute this line to configure system to use the local proxy:export http_proxy= :3128/ 4. Configure CNTLM to listen external network:If you need to use CNTLM as a proxy server, add this line to /etc/cntlm.conf (assuming 10.0.0.1 is the local address):Listen 127.0.0.1:3128Listen 10.0.0.1:3128 LinksCNTLM: Info: _LAN_Manager
Restart the computer with no network cable attached, open Firefox and enter a URL.
0.91 behaviour: the message 'The proxy server is refusing connections' appears.
0.92 behaviour: the message '502 connection timed out. cntlm proxy failed to complete the request' appears.
Config 1: I put 3 Listen lines in cntlm.conf to only bind 3 interfaces.
On the boot log, cntlm complaints that 'Cannot bind port ', with the first 2 reason are set to the port is used and the last reason is set to interface not available. Then I got 'No proxy service ports were successfully opened' message, but a few lines later it stated that the cntlm daemon has been started sucessfully.
Later on if I did 'netstat -an grep LISTEN', I only see the first 2 interface bound to cntlm.
Manually restart the service works every time.
Config 2: Instead I set the 'Gatewayl' parameter to 'yes'.
On the boot log, cntlm is no longer complaint that it can't bind the port, however I still see 'No proxy service ports were successfully opened' message followed by successful daemon start.
On 'netstat -an grep LISTEN', I got cntlm listening to '0.0.0.0:8081', however if I use the proxy, cntlm *always* return that cntlm can't forward the request. From the IP trace of the interface, I can see cntlm does not even try to open *any* request connection, just immediately return the browser client request with the above error message.
Manually restart the service works every time.
I have just installed the cntlm 0.91rc6 a couple of days ago via aptitude, so it should have your fix in '/etc/network/if-up.d/' (I will verify this on Mon. when I get back to the office). But from the boot log, I do notice the 2nd round print about ACLs are being added. It kind of puzzled me before, but after I read your fix, I understand that this got to be the 2nd attempt to start cntlm when the network interface is finally up.
This is my situation. I have 2 network interface, eth00 (192.168.1.1) and eth10(192.168.241.1 and a bunch of other secondaries IPs). Based on the my cntlm config 1 (that I described in my original posting), I get error print on the boot log stating that the last 'Listen' interface is not available. So I guess it takes longer to bring up eth10 as it has several IPs bound to it. So when eth00 is up and invokes '/etc/network/if-up.d/', the eth10 is not ready when cntlm is started. And when finally eth10 is up, the 2nd invocation of '/etc/network/if-up.d/' won't do anything to cntlm as start-stop-daemon simply quits as cntlm has been started. The 'netstat -an grep LISTEN' seems to confirm this situation.
35fe9a5643
cntlm ubuntu download
Download File https://t.co/8H4rHKEvO9
Updatecntlm appears to be running on port 3128. I pointed IE to use the proxy on the correct IP address and port number - however, the connection times out. Any suggestions on troubleshooting this wil be appreciated.
I've just installed ubuntu 18.4 on my server. As we are behind a firewall so I need a proxy. Linux and my company's proxy do not work together, therefore I've installed cntlm on one computer. This service has a proper authentification on our companies proxy. Then I tried to get this cntlm-proxy from my server.
Thank you very much. With no connection to the internet as such I tried to use the cntlm service running on my windows client and trying to address this Service from my ubuntu server. This did not work. I did download the cntlm somewhere else and then installed it directly on the ubuntu server. Using your explanation, and after rebooting the system it finaly worked.
Here comes Cntlm. It stands between your applications and the corporate proxy,adding NTLM authentication on-the-fly. You can specify several "parent" proxiesand Cntlm will try one after another until one works. All auth'd connectionsare cached and reused to achieve high efficiency. Just point your apps proxysettings at Cntlm, fill in cntlm.conf (cntlm.ini) and you're ready to do. Thisis useful on Windows, but essential for non-Microsoft OS's.
WARNING: please understand that any unannounced versions on the FTP are forinternal/development purposes only, usually beta testing. Until properlyadvertised on the official homepage, , and uploadedto sourceforge.net archives, it is to be considered highly unstable and oughtto be replaced by the final build when available.Configuration hintsAfter installation, you have to locate the configuration file. The defaultfor Linux packages is /etc/cntlm.conf, for locally compiled sourcedistribution ("./configure; make; make install") it's /usr/local/etc/cntlm.confand for Windows installer it's %PROGRAMFILES%\Cntlm\cntlm.ini (usuallyX:\Program Files\Cntlm\cntlm.ini, where X is your system drive).
Next, we need to find out which NTLM dialect your proxy understands. It's ajungle out there and it can be quite challenging (i.e. boooring) to find aworking NTLM setup - thank Bill. Good thing Cntlm has this magic switch to doit for you - thank me. :) Save the configuration and run the following command;when asked, enter your proxy access password:$ cntlm -I -M Config profile 1/11... OK (HTTP code: 200)Config profile 2/11... OK (HTTP code: 200)Config profile 3/11... OK (HTTP code: 200)Config profile 4/11... OK (HTTP code: 200)Config profile 5/11... OK (HTTP code: 200)Config profile 6/11... Credentials rejectedConfig profile 7/11... Credentials rejectedConfig profile 8/11... OK (HTTP code: 200)Config profile 9/11... OK (HTTP code: 200)Config profile 10/11... OK (HTTP code: 200)Config profile 11/11... OK (HTTP code: 200)----------------------------[ Profile 0 ]------Auth NTLMv2PassNTLMv2 4AC6525378DF8C69CF6B6234532943AC------------------------------------------------You see, NTLMv2 - I told you to use it, now it's official. :)BTW, here you can see all tests running - it's just for demonstration purposes.Normal version finishes when it finds the first (i.e. most secure) workingsetup.
Hi,
Moved to Arch on VMware after getting fed up with the bloated distro that starts with 'U'. Spent a day setting everything up, which made me feel like 2002. Then got stumped with internet access at work.
Internet (wired/wireless) works fine at home, wired doesn't work at work (no wireless). ping complains of unknown host. Followed Network configuration and dhcpcd, didn't help. Of course installed and configured cntlm. 'U' distro connects to internet fine and as far as I compared, has the same settings (/etc/hosts, /etc/cntlm.conf, .bashrc)
So once cntlm listens on all interface you can give the ip address of your machines interface that is connected to your office network as the proxy host. As the machine created using docker-machine has a virtualbox nat interface, it can connect to cntlm without any issues.
Say my laptop running virtualbox and cntlm has three IPs: 127.0.0.1 (lo0), 192.168.10.55 (en0), and 192.168.99.1 (vboxnet1). The exact IPs and interface names will vary with the exact setup, so double check yours using ifconfig.
Quoted from the official ctnlm sourceforge.net Website: "Cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft proprietary world. You can use a free OS and honor our noble idea, but you can't hide. Once you're behind those cold steel bars of a corporate proxy server requiring NTLM authentication, you're done with. The same even applies to 3rd party Windows applications, which don't support NTLM natively.Here comes Cntlm. It stands between your applications and the corporate proxy, adding NTLM authentication on-the-fly. You can specify several "parent" proxies and Cntlm will try one after another until one works. All auth'd connections are cached and reused to achieve high efficiency. Just point your apps proxy settings at Cntlm, fill in cntlm.conf (cntlm.ini) and you're ready to do. This is useful on Windows, but essential for non-Microsoft OS's.Cntlm integrates TCP/IP port forwarding (HTTP tunneling), SOCKS5 proxy mode, standalone proxy allowing you to browse intranet as well as Internet and to access corporate web servers with NTLM protection. There are many advanced features like NTLMv2 support, password protection, password hashing, completely mutliplatform code (running on just about every architecture and OS out there) and so much more. Cntlm eats up so little resources it can be used on embedded platforms as well - it's written in plain C without any external dependencies.Cntlm has been tested against various ISA servers, WinGate, NetCache, Squid and Tinyproxy with and without NTLM auth."About this tutorialThis tutorial assumes you have a clean install of Debian 7. 1. Install CNTLMUpdate your sources:apt-get updateUpdate your installation:apt-get upgradeInstall application:apt-get install cntlm 2. Configure CNTLMOnce installed edit the configuration file:nano /etc/cntlm.confSet username, domain, remote proxy, and address with port which local proxy will listen to. Here will listen only in local interface:Username testuserDomain contoso.comProxy 10.0.0.41:8080Listen 127.0.0.1:3128Generate password hash:cntlm -HYou will see something like this:Password:PassLM 7F4BB72132BAA2A01FA94BD623A70D3BPassNT 2C27BB146F74625D159413FC1F30745FPassNTLMv2 D3972609581D8260868ED588303F0FF0 # Only for user 'testuser', domain 'contoso'Copy these lines to /etc/cntlm.conf 3. Configure Debian to use the CNTLM proxy:Execute this line to configure system to use the local proxy:export http_proxy= :3128/ 4. Configure CNTLM to listen external network:If you need to use CNTLM as a proxy server, add this line to /etc/cntlm.conf (assuming 10.0.0.1 is the local address):Listen 127.0.0.1:3128Listen 10.0.0.1:3128 LinksCNTLM: Info: _LAN_Manager
Restart the computer with no network cable attached, open Firefox and enter a URL.
0.91 behaviour: the message 'The proxy server is refusing connections' appears.
0.92 behaviour: the message '502 connection timed out. cntlm proxy failed to complete the request' appears.
Config 1: I put 3 Listen lines in cntlm.conf to only bind 3 interfaces.
On the boot log, cntlm complaints that 'Cannot bind port ', with the first 2 reason are set to the port is used and the last reason is set to interface not available. Then I got 'No proxy service ports were successfully opened' message, but a few lines later it stated that the cntlm daemon has been started sucessfully.
Later on if I did 'netstat -an grep LISTEN', I only see the first 2 interface bound to cntlm.
Manually restart the service works every time.
Config 2: Instead I set the 'Gatewayl' parameter to 'yes'.
On the boot log, cntlm is no longer complaint that it can't bind the port, however I still see 'No proxy service ports were successfully opened' message followed by successful daemon start.
On 'netstat -an grep LISTEN', I got cntlm listening to '0.0.0.0:8081', however if I use the proxy, cntlm *always* return that cntlm can't forward the request. From the IP trace of the interface, I can see cntlm does not even try to open *any* request connection, just immediately return the browser client request with the above error message.
Manually restart the service works every time.
I have just installed the cntlm 0.91rc6 a couple of days ago via aptitude, so it should have your fix in '/etc/network/if-up.d/' (I will verify this on Mon. when I get back to the office). But from the boot log, I do notice the 2nd round print about ACLs are being added. It kind of puzzled me before, but after I read your fix, I understand that this got to be the 2nd attempt to start cntlm when the network interface is finally up.
This is my situation. I have 2 network interface, eth00 (192.168.1.1) and eth10(192.168.241.1 and a bunch of other secondaries IPs). Based on the my cntlm config 1 (that I described in my original posting), I get error print on the boot log stating that the last 'Listen' interface is not available. So I guess it takes longer to bring up eth10 as it has several IPs bound to it. So when eth00 is up and invokes '/etc/network/if-up.d/', the eth10 is not ready when cntlm is started. And when finally eth10 is up, the 2nd invocation of '/etc/network/if-up.d/' won't do anything to cntlm as start-stop-daemon simply quits as cntlm has been started. The 'netstat -an grep LISTEN' seems to confirm this situation.
35fe9a5643
0 new messages