Cntlm
In order for tools such as NPM, GIT, Bower, Ruby, and a variety of other applications to work with the corporate proxy, let's use a local authentication proxy that attaches your NTLM credentials to outgoing requests to the proxy. This is much safer than using BASIC authentication, which does not encrypt your password. This approach should be generic enough to work on both Windows and Linux and with a variety of different applications, as long as they have simple proxy support.
Proxy Authenticate
The proxy seems to accept two authentication mechanisms:
- Proxy-Authenticate: NTLM
- Proxy-Authenticate: BASIC realm="LM"
The better one is NTLM, as BASIC auth only encodes your password and does not encrypt it.
Install NTLM:
- Install Cntlm (http://cntlm.sourceforge.net/), or download it from https://sourceforge.net/projects/cntlm/files/latest/download. WARNING: If you install cntlm in any location on your computer other than the default (C:\Program Files (x86)\Cntlm), the cntlm Windows service will not run properly.
- Make sure the CNTLM service is stopped before you update ini/conf file.
- Open Notepad as an administrator. To open it in administrator mode, right click on Notepad instead of left clicking it (Start Menu > All Programs > Accessories > Right Click on Notepad > Run as administrator).
- Then open cntlm.ini using File -> Open (in the cntlm directory, probably C:\Program Files (x86)\Cntlm).
- Set your username and the domain, as follows. This step is necessary before generating your password hash:
cntlm.ini
Username <>
Domain ABC
- Save the file. (You MUST save this file with your UserName before proceeding to create a password hash. This is a critical step so that creating your password hash will work properly.)
- Create Password Hash. This step needs to be repeated every time you synchronize your password. Open a Command Prompt (don't use git bash) and navigate to your cntlm directory (probably C:\Program Files (x86)\Cntlm). Type the following command at the command prompt:
cntlm -v -H
// -v prints out debugging info; note that it is a lower case 'v'.
// -H prints password hashes
- Enter your password when prompted. You will get three rows as output; all you need to care about is the PassNTLMv2 row and its associated hash.
- Open your cntlm.ini file with Notepad in administrator mode again (see Step 4).
- The first bit of your file needs to look something like this. Put your password hash from step 4 where indicated, and ensure that Proxy is set up like below. You may want to ping www-proxy.lmig.com first to make sure the below IP is still correct. Also ensure that Auth is set to NTLMv2 like below.
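One way to check the finished cntlm.ini against the settings this procedure calls for (hash instead of password, Auth NTLMv2, Proxy set, a listener on the port 3128 that the environment variables on this page point at). This is an added example, not part of the original page or of Cntlm; the sample file, its account, proxy host and password, and the helper names parse_cntlm and audit are constructed for illustration, and the parser assumes simple "Keyword value" lines with # comments.

```python
import re

# Constructed sample: placeholder account, proxy and password, not real values.
SAMPLE_INI = """\
# cntlm.ini (constructed)
Username    jdoe
Domain      ABC
Password    Summer2024!
Proxy       proxy.example.internal:80
Listen      3128
Gateway     yes
Auth        NTLM
"""

def parse_cntlm(text):
    """Parse 'Keyword value' lines; keywords such as Proxy or Listen may repeat."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1] if len(parts) > 1 else ""
        # 'cntlm -H' output carries a trailing "# Only for user ..." comment.
        value = re.sub(r"(^|\s+)#.*$", "", value).strip()
        conf.setdefault(parts[0], []).append(value)
    return conf

def audit(conf, env_port="3128"):
    """Return a list of findings; an empty list means every check passed."""
    def last(key):
        return (conf.get(key) or [""])[-1]
    findings = []
    for key in ("Username", "Domain", "Proxy"):
        if not last(key):
            findings.append(f"{key} is not set")
    if "Password" in conf:
        findings.append("plaintext Password present; store only the PassNTLMv2 hash")
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", last("PassNTLMv2")):
        findings.append("PassNTLMv2 missing or not a 32-hex-digit hash")
    if last("Auth") != "NTLMv2":
        findings.append("Auth is not NTLMv2")
    if env_port not in [v.rsplit(":", 1)[-1] for v in conf.get("Listen", [])]:
        findings.append(f"no Listen entry on port {env_port} used by HTTP_PROXY")
    if last("Gateway").lower() == "yes":
        findings.append("Gateway yes: proxy is reachable from other hosts")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_cntlm(SAMPLE_INI)):
        print("FAIL:", finding)
```

To check a real file, pass its contents to parse_cntlm in place of SAMPLE_INI and run the check from an administrator prompt, since the file holds your password hash.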
Set Your Environment Variables
Set your proxy environment variables to point to the new authentication proxy.
Open up the environment variables window: Start > Right click on "Computer" > Properties > Advanced System Settings > Advanced Tab > Environment Variables.
Under "System Variables" select "New" and add the following variables:
var: HTTP_PROXY value: http://localhost:3128
var: HTTPS_PROXY value: http://localhost:3128
Java Proxy Settings
Only specify this environment variable if you want ALL http/https requests made from any Java process to be routed through the proxy. For most Java processes that only talk to internal resources this is unnecessary.
var: JAVA_TOOL_OPTIONS=-Dhttps.proxyHost=localhost -Dhttps.proxyPort=3128 -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128
Re-Start CNTLM
Restarting cntlm will be necessary from time to time, for example after you modify your cntlm.ini file or if something caused the service to stop.
Using Services Application
- From the "Search Windows" toolbar, search for services. Choose "Services | Desktop app" result.
- Find the Cntlm service in the list and start it.
Using Command Line
Run the following command:
net start cntlm