I can't get cntml to authenticate my Ipod through my work computer on my NTML based corporate network.
When I debug by running "cntlm -v -f -T debug.txt", it tells me "Proxy listening on 0.0.0.0:3129". Why is this not 127.0.0.1:3129 as expected ?
Here is my debug.txt
Cntlm debug trace, version 0.90 win32/cygwin port.
Command line: cntlm -v -f -T debug.txt
config file opened successfully
cntlm: Proxy listening on 0.0.0.0:3129
cntlm: Resolving proxy proxyus2.huawei.com…
cntlm: Resolving proxy proxyus2.huawei.com…
cntlm: New ACL rule: allow 127.0.0.1/32
cntlm: New ACL rule: allow 10.193.101.160/32
cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)
cntlm: PID 2136: Cntlm ready, staying in the foreground
Here is my config file
#
# Cntlm Authentication Proxy Configuration
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#
Username xxxx\r00901104
Domain xxxxx.xxxxxx.com
#Password # Use hashes instead (-H)
Workstation Robert_Mapes-1.xxxxx.xxxxxx.com # Should be auto-guessed
#
# This is the port number where Cntlm will listen
#
Listen 3129
#
# If you wish to use the SOCKS5 proxy feature as well, uncomment
# the following option, SOCKS5. It can be used several times
# to have SOCKS5 on more than one port or on different network
# interfaces (specify explicit source address for that).
#
# WARNING: The service accepts all requests, unless you use
# SOCKS5User and make authentication mandatory. SOCKS5User
# can be used repeatedly for a whole bunch of individual accounts.
#
#SOCKS5Proxy 8010
#SOCKS5User dave:password
#
# Use -M first to detect the best NTLM settings for your proxy.
# Default is to use the only secure hash, NTLMv2, but it is not
# as available as the older stuff.
#
# This example is the most universal setup known to man, but it
# uses the weakest hash ever. I won't have it's usage on my
# conscience. :) Really, try -M first.
#
Auth NTLMv2
PassNTLMv2 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#Flags 0x06820000
#
# Enable to allow access from other computers
#
Gateway yes
#
# Useful in Gateway mode to allow/restrict certain IPs
#
Allow 127.0.0.1
Allow 10.193.101.160
#Deny 0/0
I figured where I went wrong.. I need to disable the Gateway functionality (I had reasoned that I needed to enable it to allow access from other computers (i.e., my Ipod). So now, I get "listening on 127.0.0.1", as would be expected. I will try to connect with my Ipod next.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi, please help.
I can't get cntml to authenticate my Ipod through my work computer on my NTML based corporate network.
When I debug by running "cntlm -v -f -T debug.txt", it tells me "Proxy listening on 0.0.0.0:3129". Why is this not 127.0.0.1:3129 as expected ?
Here is my debug.txt
Cntlm debug trace, version 0.90 win32/cygwin port.
Command line: cntlm -v -f -T debug.txt
config file opened successfully
cntlm: Proxy listening on 0.0.0.0:3129
cntlm: Resolving proxy proxyus2.huawei.com…
cntlm: Resolving proxy proxyus2.huawei.com…
cntlm: New ACL rule: allow 127.0.0.1/32
cntlm: New ACL rule: allow 10.193.101.160/32
cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)
cntlm: PID 2136: Cntlm ready, staying in the foreground
Here is my config file
#
# Cntlm Authentication Proxy Configuration
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#
Username xxxx\r00901104
Domain xxxxx.xxxxxx.com
#Password # Use hashes instead (-H)
Workstation Robert_Mapes-1.xxxxx.xxxxxx.com # Should be auto-guessed
Proxy proxyus2.xxxxxx.com:8080
Proxy proxyus2.xxxxxx.com:8080
#NoProxy localhost, 127.0.0.*, 10.*, 192.168.*
#
# This is the port number where Cntlm will listen
#
Listen 3129
#
# If you wish to use the SOCKS5 proxy feature as well, uncomment
# the following option, SOCKS5. It can be used several times
# to have SOCKS5 on more than one port or on different network
# interfaces (specify explicit source address for that).
#
# WARNING: The service accepts all requests, unless you use
# SOCKS5User and make authentication mandatory. SOCKS5User
# can be used repeatedly for a whole bunch of individual accounts.
#
#SOCKS5Proxy 8010
#SOCKS5User dave:password
#
# Use -M first to detect the best NTLM settings for your proxy.
# Default is to use the only secure hash, NTLMv2, but it is not
# as available as the older stuff.
#
# This example is the most universal setup known to man, but it
# uses the weakest hash ever. I won't have it's usage on my
# conscience. :) Really, try -M first.
#
Auth NTLMv2
PassNTLMv2 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#Flags 0x06820000
#
# Enable to allow access from other computers
#
Gateway yes
#
# Useful in Gateway mode to allow/restrict certain IPs
#
Allow 127.0.0.1
Allow 10.193.101.160
#Deny 0/0
#
# GFI WebMonitor-handling plugin parameters, disabled by default
#
#ISAScannerSize 1024
#ISAScannerAgent Wget/
#ISAScannerAgent APT-HTTP/
#ISAScannerAgent Yum/
#
# Headers which should be replaced if present in the request
#
#Header User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
#
# Tunnels mapping local port to a machine behind the proxy
#
#Tunnel 11443:remote.com:443
I figured where I went wrong.. I need to disable the Gateway functionality (I had reasoned that I needed to enable it to allow access from other computers (i.e., my Ipod). So now, I get "listening on 127.0.0.1", as would be expected. I will try to connect with my Ipod next.
Solved via email.