My cntlm worked before I upgraded cygwin from 1.5 to 1.7
When I start the service I get:
The Cntlm Authentication Proxy service is starting……..
The Cntlm Authentication Proxy service could not be started.
More help is available by typing NET HELPMSG 3523
I already replaced the latest version of cygwin1.dll to cntlm’s path. I can manually start cntlm without problem. However, I did notice there was a new prompt with this version of cygwin:
C:\Program Files\Cntlm>cntlm -f
cygwin warning:
MS-DOS style path detected: C:\Program Files\cntlm\cntlm.ini
Preferred POSIX equivalent is: /cntlm/cntlm.ini
CYGWIN environment variable option "nodosfilewarning" turns off this warning.
Consult the user's guide for more details about POSIX paths: http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
cntlm: PID 5816: Cntlm ready, staying in the foreground
I wonder if the problem is related to the above warning?
No idea - cntlm is using its own cygwin1.dll and it should be primary (it's in the same dir as cntlm.exe). Have you changed or deleted the cygwin1.dll in cntlm's installation dir?
Have you tried the latest 0.91 release candidate version?
My environment got a newer version of cygwin1.dll (1.7.1) than the one that came with 0.35.1 (which is 1.5.24), so I replaced it with mine after installation. I think a lot of people did this; here is one: http://aexellentcoding.wordpress.com/
I did try 0.91
It came with cygwin1.dll (same as mine), so I just used everything out of the box. The service started without problem. However, the proxy does not work for me; I always got 407 from my company's proxy. My colleague got HTTP OK, but all HTTPS failed, so we both went back to 0.35.1.
I see, that's the problem. You cannot just update the DLL. Applications are hard-linked with it. You can change it for simple applications that use only the most common functions - maybe - but generally speaking, it's completely wrong.
Cygwin1.dll is not like your typical DLL, it's an almost complete POSIX implementation and has very very complex relations with binaries. Each Cygwin application (exe+dll) is completely standalone. The binary and the DLL are a single piece of code. You can have as many different versions of the DLL as there are POSIX apps on your system, but you can never mix them…
Did you say the new version didn't work for you? That's weird - I'll need to test it, or it'll be released as it is and you won't be able to use new versions.
Please stop the old service, install new and run this from the command line:
c:
cd \cntlm\install\dir
cntlm.exe -T debug.txt -v -f -s
and then try opening http://www.google.com/ and then https://www.google.com in your browser (with cntlm proxy settings). Kill cntlm and send me your debug.txt. I think it's a configuration problem on your side, but just in case I'd like to see what's going on.
You see, none of my testers (about 100 people) has reported anything wrong so far, so if your specific network setup is unsupported, it will stay that way until fixed…
Cntlm debug trace, version 0.91rc2 windows/cygwin port.
Command line: cntlm -T debug.txt -f -v -s
Default config file opened successfully
cntlm: Proxy listening on 127.0.0.1:3128
cntlm: Resolving proxy 202.xx.xxx.xx…
Adding no-proxy for: 'localhost'
Adding no-proxy for: '127.0.0.*'
Adding no-proxy for: '10.*'
Adding no-proxy for: '192.168.*'
cntlm: Workstation name used: David-WINXP
cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)
cntlm: PID 2400: Cntlm ready, staying in the foreground
******* Round 1 C: 5 *******
Reading headers (5)…
HEAD: CONNECT mail.google.com:443 HTTP/1.1
Thread processing…
cntlm: PID 2400: Using proxy 202.xx.xxx.xx:8080
User-Agent => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 GTB6 (.NET CLR 3.5.30729)
Proxy-Connection => keep-alive
Host => mail.google.com
cntlm: PID 2400: 127.0.0.1 CONNECT mail.google.com:443
NTLM Request:
Domain: xxxdom00
Hostname: David-WINXP
Flags: 0xA208B205
Sending PROXY auth request…
User-Agent => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 GTB6 (.NET CLR 3.5.30729)
Proxy-Connection => keep-alive
Host => mail.google.com
Proxy-Authorization => NTLM TlRMTVNTUAABAAAABbIIoggACAArAAAACwALACAAAABEQVZJRC1XSU5YUEhJVERPTTAw
Content-Length => 0
Reading PROXY auth response…
HEAD: HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
Via => 1.1 Hxxxxxxxx
Proxy-Authenticate => NTLM TlRMTVNTUAACAAAAEAAQADgAAAAFgomiocor0MoIgiYAAAAAAAAAAG4AbgBIAAAABQCTCAAAAA9IAEkAVABEAE8ATQAwADAAAgAQAEgASQBUAEQATwBNADAAMAABABAASABJAFQAUABSAFgAMAAyAAQAFABoAGkAdAAuAGMAbwBtAC4AaABrAAMAJgBoAGkAdABwAHIAeAAwADIALgBoAGkAdAAuAGMAbwBtAC4AaABrAAAAAAA=
Pragma => no-cache
Cache-Control => no-cache
Content-Type => text/html
Content-Length => 0
NTLM Challenge:
Challenge: A1CA2BD0CA088226 (len: 182)
Flags: 0xA2898205
NT domain: xxxdom00
Server: Hxxxxxxxx
Domain: xxx.com
FQDN: Hxxxxxxxx.xxx.com
TBofs: 72
TBlen: 110
ttype: 0
NTLMv2:
Nonce: CCD6713EC6CDAA4C
Timestamp: 129156789720000000
NTLM Response:
Hostname: 'David-WINXP'
Domain: 'xxxdom00'
Username: '30038'
Response: 'BF9E4FD311C213CB9A3F62AFB51D57B301010000000000000026977B6ADBCA01CCD6713EC6CDAA4C000000000200100048004900540044004F004D00300030000100100048004900540050005200580030003200040014006800690074002E0063006F006D002E0068006B0003002600680069007400700072007800300032002E006800690074002E0063006F006D002E0068006B000000000000000000' (158)
Response: '65B3402147AC1CCFE163951DC7301D44CCD6713EC6CDAA4C' (24)
Proxy auth not requested - just forwarding.
Sending headers (5)…
No body.
PROXY CLOSING CONNECTION
forward_request: palive=0, authok=0, ntlm=0, closed=0
Thread finished.
proxy_thread: request rc = ffffffff
Thank you very much. I know what's going on.
NTLM auth must happen in one go, within the same single connection. That's why client and servers send/return proxy-connection: keep-alive. Your proxy, however, doesn't. It's weird and broken (because, in fact, it's *not* closing the connection).
I removed the check for keep-alive and it should work with your proxy too (get 0.91rc3 from FTP). Please test and report back!
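The condition described in the reply above, as an added example that is not part of the original thread or of cntlm's code: a Python check that reads a proxy response in the trace layout shown here and reports whether a 407 carrying an NTLM challenge also signals keep-alive. The function names, result labels and sample responses are constructed for illustration; the first sample mirrors the header set of the 407 in the 0.91rc2 trace, which has no Proxy-Connection header.

```python
import base64
import struct

def ntlm_message_type(header_value):
    """Return the NTLMSSP message type (1, 2 or 3) in 'NTLM <base64>', else None."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        return None  # other scheme, or a bare "NTLM" offer with no message
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    return struct.unpack_from("<I", raw, 8)[0]

def parse_trace_response(lines):
    """Parse a 'HEAD: HTTP/...' line plus 'Name => value' lines into (status, headers)."""
    status, headers = None, {}
    for line in lines:
        line = line.strip()
        if line.startswith("HEAD: HTTP/"):
            status = int(line.split()[2])
        elif " => " in line:
            name, value = line.split(" => ", 1)
            headers.setdefault(name.lower(), []).append(value)
    return status, headers

def diagnose(lines):
    """Classify a proxy response for the one-connection NTLM handshake."""
    status, headers = parse_trace_response(lines)
    if status != 407:
        return "no-auth-required"
    if not any(ntlm_message_type(v) == 2 for v in headers.get("proxy-authenticate", [])):
        return "no-ntlm-challenge"
    keep = headers.get("proxy-connection", []) + headers.get("connection", [])
    if any(v.lower() == "keep-alive" for v in keep):
        return "challenge-keepalive"
    return "challenge-without-keepalive"

# Constructed Type 2 message (not from the thread): signature, type 2, empty
# target name, the flags value printed in the traces, 8-byte dummy challenge.
SAMPLE_TYPE2 = base64.b64encode(
    b"NTLMSSP\x00" + struct.pack("<IHHII", 2, 0, 0, 32, 0xA2898205) + bytes(range(8))
).decode()
NO_KEEPALIVE = ["HEAD: HTTP/1.1 407 Proxy Authentication Required",
                "Proxy-Authenticate => NTLM " + SAMPLE_TYPE2,
                "Content-Length => 0"]
WITH_KEEPALIVE = NO_KEEPALIVE + ["Proxy-Connection => Keep-Alive"]
if __name__ == "__main__":
    print(diagnose(NO_KEEPALIVE), diagnose(WITH_KEEPALIVE))
```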
Thank you,
I tested 0.91rc4; everything worked out of the box (in fact, I am using it to make this reply).
Again, thank you for this great program.
I seem to be getting that same effect on Windows 10 with v0.92.3: can you offer any insight?
I redacted my computer host name - it is showing up correctly in the logs
* Round 1 C: 5 *
Reading headers (5)...
HEAD: CONNECT s.youtube.com:443 HTTP/1.1
NO: s.youtube.com (localhost)
NO: s.youtube.com (127.0.0.*)
NO: s.youtube.com (10.*)
NO: s.youtube.com (192.168.*)
Thread processing...
Host => s.youtube.com:443
Proxy-Connection => keep-alive
User-Agent => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
cntlm: PID 3828: 127.0.0.1 CONNECT s.youtube.com:443
NTLM Request:
Domain: idealcorp
Hostname: #####
Flags: 0xA208B205
Sending PROXY auth request...
Host => s.youtube.com:443
Proxy-Connection => keep-alive
User-Agent => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Proxy-Authorization => NTLM TlRMTVNTUAABAAAABbIIogkACQAzAAAAEwATACAAAABOQy1ERVYtMTE2Mi5ERVYuQ09NSURFQUxDT1JQ
Content-Length => 0
Reading PROXY auth response...
HEAD: HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate => NTLM TlRMTVNTUAACAAAAEgASADgAAAAFgomivEXKjLbc+zYAAAAAAAAAALwAvABKAAAABgGxHQAAAA9JAEQARQBBAEwAQwBPAFIAUAACABIASQBEAEUAQQBMAEMATwBSAFAAAQAYAEEAQwBTADQAMQBOAEMAMQBVAFMAMAAxAAQAIABpAGQAZQBhAGwALgBjAG8AcgBwAC4AbABvAGMAYQBsAAMAOgBBAEMAUwA0ADEATgBDADEAVQBTADAAMQAuAGkAZABlAGEAbAAuAGMAbwByAHAALgBsAG8AYwBhAGwABQAUAGMAbwByAHAALgBsAG8AYwBhAGwABwAIACSghglGaNIBAAAAAA==
Cache-Control => no-cache
Pragma => no-cache
Content-Type => text/html; charset=utf-8
Proxy-Connection => Keep-Alive
Connection => Keep-Alive
Content-Length => 866
Discarding 866 bytes.
NTLM Challenge:
Challenge: BC45CA8CB6DCFB36 (len: 262)
Flags: 0xA2898205
NT domain: IDEALCORP
Server: ACS41NC1US01
Domain: ideal.corp.local
FQDN: ACS41NC1US01.ideal.corp.local
TLD: corp.local
7: $†FÒ
TBofs: 74
TBlen: 188
ttype: 0
NTLMv2:
Nonce: 22F00929EA217201
Timestamp: 155834880
NTLM Response:
Hostname: '#####'
Domain: 'idealcorp'
Username: 'bradyjoh'
Response: '85D74195B2A1670A40545683FD4C5D26010100000000000000DA49094668D20122F00929EA217201000000000200120049004400450041004C0043004F005200500001001800410043005300340031004E004300310055005300300031000400200069006400650061006C002E0063006F00720070002E006C006F00630061006C0003003A00410043005300340031004E004300310055005300300031002E0069006400650061006C002E0063006F00720070002E006C006F00630061006C000500140063006F00720070002E006C006F00630061006C000700080024A086094668D2010000000000000000' (236)
Response: '3A6D7FAA40D7D86DCBBA00127E25EBED22F00929EA217201' (24)
Sending headers (6)...
Host => s.youtube.com:443
Proxy-Connection => keep-alive
User-Agent => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Proxy-Authorization => NTLM [value not preserved]
No body.
* Round 2 C: 5, S: 6 (authok=0, noauth=0) *
Reading headers (6)...
HEAD: HTTP/1.1 200 Connection established
Sending headers (5)...
headers_send: fd 5 warning -999 (connection closed)
forward_request: palive=0, authok=1, ntlm=0, closed=0
Thread finished.
proxy_thread: request rc = 0xffffffff