sajith - 2013-01-22

Hi,
We have an NTLM Windows proxy server. I tried to test cntlm from a Linux box whose parent proxy is configured as the NTLM proxy server. I configured the NTLM as mentioned in the manual, and testing cntlm using the -M <testurl> option gave "Credentials rejected".

The following are my configurations:

[root@CTSINKOCICAPPK poc]# cat /etc/cntlm.conf
#
# Cntlm Authentication Proxy Configuration
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#
Username        username
Domain          domain_name
Password        passwd
# NOTE: Use plaintext password only at your own risk
# Use hashes instead. You can use a "cntlm -M" and "cntlm -H"
# command sequence to get the right config for your environment.
# See cntlm man page
# Example secure config shown below.
### Only for user 'testuser', domain 'corp-uk'
# Specify the netbios hostname cntlm will send to the parent
# proxies. Normally the value is auto-guessed.
#
# Workstation   netbios_hostname
# List of parent proxies to use. More proxies can be defined
# one per line in format <proxy_ip>:<proxy_port>
#
Proxy           ntlm_proxy:port
#Proxy          10.0.0.42:8080
# List addresses you do not want to pass to parent proxies
# * and ? wildcards can be used
#
NoProxy         localhost, 127.0.0.*, 10.*, 192.168.*
# Specify the port cntlm will listen on
# You can bind cntlm to specific interface by specifying
# the appropriate IP address also in format <local_ip>:<local_port>
# Cntlm listens on 127.0.0.1:3128 by default
#
Listen          3128
# If you wish to use the SOCKS5 proxy feature as well, uncomment
# the following option. It can be used several times
# to have SOCKS5 on more than one port or on different network
# interfaces (specify explicit source address for that).
#
# WARNING: The service accepts all requests, unless you use
# SOCKS5User and make authentication mandatory. SOCKS5User
# can be used repeatedly for a whole bunch of individual accounts.
#
#SOCKS5Proxy    8010
#SOCKS5User     dave:password
# Use -M first to detect the best NTLM settings for your proxy.
# Default is to use the only secure hash, NTLMv2, but it is not
# as available as the older stuff.
#
# This example is the most universal setup known to man, but it
# uses the weakest hash ever. I won't have it's usage on my
# conscience. :) Really, try -M first.
#
Auth            NTLM
Flags           0x06820000
#Flags          0xA208B207
# Enable to allow access from other computers
#
#Gateway        yes
# Useful in Gateway mode to allow/restrict certain IPs
# Specifiy individual IPs or subnets one rule per line.
#
#Allow          127.0.0.1
#Deny           0/0
#NTLM-to-basic  yes
# GFI WebMonitor-handling plugin parameters, disabled by default
#
#ISAScannerSize     1024
#ISAScannerAgent    Wget/
#ISAScannerAgent    APT-HTTP/
#ISAScannerAgent    Yum/
# Headers which should be replaced if present in the request
#
#Header         User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
# Tunnels mapping local port to a machine behind the proxy.
# The format is <local_port>:<remote_host>:<remote_port>
#
#Tunnel         11443:remote.com:443

[root@CTSINKOCICAPPK poc]# cntlm -M http://google.com
Password:
Config profile  1/4... Credentials rejected
Config profile  2/4... OK (HTTP code: 301)
----------------------------[ Profile  1 ]------
Auth            NTLM
PassNT          2CF19552541224E2546F92DB21AFD4DE
PassLM          32C1AD36CB24C8523D5DF3518DD91E82
------------------------------------------------

Thanks in advance.
Sajith
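
An added example, not part of the original post and not cntlm's own code: a Python check that flags the risks the posted config's own comments warn about (plaintext Password, file permissions, an Auth other than NTLMv2, Gateway without Allow/Deny, SOCKS5Proxy without SOCKS5User). The function names, the finding ids and the case-insensitive keyword matching are assumptions of this example; the sample input is constructed from the active lines of the posted file.

```python
import os
import stat

# Constructed sample: the active (uncommented) directives from the posted file.
SAMPLE_CONF = """\
Username        username
Domain          domain_name
Password        passwd
Proxy           ntlm_proxy:port
NoProxy         localhost, 127.0.0.*, 10.*, 192.168.*
Listen          3128
#SOCKS5Proxy    8010
Auth            NTLM
Flags           0x06820000
#Gateway        yes
"""

def parse_directives(text):
    """Map lower-cased keyword -> list of literal values; '#' lines are comments."""
    directives = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        value = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(parts[0].lower(), []).append(value)
    return directives

def audit(text, mode=None):
    """Return finding ids for one config; mode is the file's permission bits if known."""
    d = parse_directives(text)
    last = lambda key, default: d.get(key, [default])[-1].lower()
    findings = []
    if "password" in d:
        findings.append("plaintext-password")    # use hashes from 'cntlm -H' instead
    if mode is not None and mode & 0o077 and any(k.startswith("pass") for k in d):
        findings.append("secret-file-not-0600")  # password or hash readable by others
    if last("auth", "ntlmv2") != "ntlmv2":       # absent Auth assumed NTLMv2 (file comment)
        findings.append("weak-auth")
    if last("gateway", "no") == "yes" and not ("allow" in d or "deny" in d):
        findings.append("open-gateway")          # other hosts allowed, no Allow/Deny rules
    if "socks5proxy" in d and "socks5user" not in d:
        findings.append("open-socks5")           # SOCKS5 accepts all requests
    return findings

def audit_file(path):
    """Audit a file on disk, including its permission bits."""
    with open(path) as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, mode=0o644))
```
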