Hi ,
we have a NTLM windows proxy server. When i tried to test the cntlm from a linux box whose parent proxy is configured as the NTLM proxy server. Configured the NTLM as mentioned in the manual. And tested cntlm usng -M <testurl> option gave "Credentials rejected".
The following are my cofigurations:
[root@CTSINKOCICAPPKpoc]#cat/etc/cntlm.conf##CntlmAuthenticationProxyConfiguration##NOTE:allvaluesareparsedliterally,doNOTescapespaces,#donotquote.Use0600permsifyouuseplaintextpassword.#UsernameusernameDomaindomain_namePasswordpasswd#NOTE:Useplaintextpasswordonlyatyourownrisk#Usehashesinstead.Youcanusea"cntlm -M"and"cntlm -H"#commandsequencetogettherightconfigforyourenvironment.#Seecntlmmanpage#Examplesecureconfigshownbelow.###Onlyforuser'testuser',domain'corp-uk'#Specifythenetbioshostnamecntlmwillsendtotheparent#proxies.Normallythevalueisauto-guessed.##Workstationnetbios_hostname#Listofparentproxiestouse.Moreproxiescanbedefined#oneperlineinformat<proxy_ip>:<proxy_port>#Proxyntlm_proxy:port#Proxy10.0.0.42:8080#Listaddressesyoudonotwanttopasstoparentproxies#*and?wildcardscanbeused#NoProxylocalhost,127.0.0.*,10.*,192.168.*#Specifytheportcntlmwilllistenon#Youcanbindcntlmtospecificinterfacebyspecifying#theappropriateIPaddressalsoinformat<local_ip>:<local_port>#Cntlmlistenson127.0.0.1:3128bydefault#Listen3128#IfyouwishtousetheSOCKS5proxyfeatureaswell,uncomment#thefollowingoption.Itcanbeusedseveraltimes#tohaveSOCKS5onmorethanoneportorondifferentnetwork#interfaces(specifyexplicitsourceaddressforthat).##WARNING:Theserviceacceptsallrequests,unlessyouuse#SOCKS5Userandmakeauthenticationmandatory.SOCKS5User#canbeusedrepeatedlyforawholebunchofindividualaccounts.##SOCKS5Proxy8010#SOCKS5Userdave:password#Use-MfirsttodetectthebestNTLMsettingsforyourproxy.#Defaultistousetheonlysecurehash,NTLMv2,butitisnot#asavailableastheolderstuff.##Thisexampleisthemostuniversalsetupknowntoman,butit#usestheweakesthashever.Iwon't have it'susageonmy#conscience.:)Really,try-Mfirst.#AuthNTLMFlags0x06820000#Flags0xA208B207#Enabletoallowaccessfromothercomputers##Gatewayyes#UsefulinGatewaymodetoallow/restrictcertainIPs#SpecifiyindividualIPsorsubnetsoneruleperline.##Allow127.0.0.1#Deny0/0#NTLM-to-basicyes#GFIWebMonitor-handlingpluginparameters,disabledbydefault##ISAScannerSize1024#ISAScannerAgentWget/#ISAScannerAgentAPT-HTTP/#ISAScannerAgentYum/#Headerswhichshouldbereplacedifpresentintherequest##HeaderUser-Agent:Mozilla/4.0(compatible;MSIE5.5;Windows98)#Tunnelsmappinglocalporttoamachinebehindtheproxy.#Theformatis<local_port>:<remote_host>:<remote_port>##Tunnel11443:remote.com:443[root@CTSINKOCICAPPKpoc]#cntlm-Mhttp://google.comPassword:Configprofile1/4...CredentialsrejectedConfigprofile2/4...OK(HTTPcode:301)----------------------------[Profile1]------AuthNTLMPassNT2CF19552541224E2546F92DB21AFD4DEPassLM32C1AD36CB24C8523D5DF3518DD91E82------------------------------------------------
Thanks in advance.
Sajith
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi ,
we have a NTLM windows proxy server. When i tried to test the cntlm from a linux box whose parent proxy is configured as the NTLM proxy server. Configured the NTLM as mentioned in the manual. And tested cntlm usng -M <testurl> option gave "Credentials rejected".
The following are my cofigurations:
Thanks in advance.
Sajith