Cntlm as a local proxy for NTLM authentication to a company proxy

The basic premise is that your machine sits behind a company proxy that requires NTLM authentication. This is usually identifiable by the fact that all connections are directed through a .pac file; you can check in IE (Tools->Internet Options->Connections->LAN Settings) to see if the Use Automatic Configuration Script option is checked. The implication is that any attempt to reach a service outside the company domain from a utility other than a browser, even if allowed by the firewall, will be rejected by the proxy because the request arrives unidentified. The proxy wants a user name and password, and the utility (wget for Windows, python pip, python easy_install, ruby rubygems…) doesn't know how to provide your network credentials in a format the NTLM proxy can understand.

Enter Cntlm, a local proxy you run on your machine to be that missing link. You run your utility through Cntlm, which knows how to talk to an NTLM proxy, so the request can proceed. Please note this will not bypass your firewall: if you can't access an external resource through your browser, using this will not work either.

The instructions below cover both Windows XP and Win7.

You first need to install Cntlm (http://sourceforge.net/projects/cntlm/files/cntlm/cntlm%200.92.3/, you can use cntlm-0.92.3-setup.exe).

Configure cntlm.ini (by default under C:\Program Files\Cntlm; on Win7, you will need to change the file permissions first to have edit access) by filling out the following values:
Username   <yourUserName>
Domain        <yourNTDomain>

Run the following commands from the command prompt (on Win7, you need to open the Command Prompt window with the Run As Administrator option):
cd "C:\Program Files\Cntlm"
cntlm.exe -c cntlm.ini -I -M http://www.bbc.co.uk

You should see the following output:
Password: <Enter your Password>
Config profile  1/4... Credentials rejected
Config profile  2/4... OK (HTTP code: 200)
----------------------------[ Profile  1 ]------
Auth            NTLM
PassNT          XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PassLM          XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
------------------------------------------------

Add the Profile info between the dashed lines (Auth, PassNT and PassLM) to cntlm.ini (copy and paste) and restart Cntlm. By default, Cntlm installs as a Windows service and automatically starts at boot (on the port defined in cntlm.ini, by default port 3128), but you can stop/start the service manually by using the following commands in the command prompt:
net start cntlm
net stop cntlm
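
A check on the finished cntlm.ini, as an added example that is not part of the original post or of Cntlm itself: it flags a leftover plaintext Password line, stored hashes (they can be used for NTLM authentication in place of the password, so who can read the file matters), and listener settings that would open the local proxy to other hosts. Password, Gateway and Listen are Cntlm directives not shown above; the sample file and all its values are constructed, and the parser assumes "#" starts a comment anywhere on a line.

```python
# Added example: audit a cntlm.ini for settings that expose credentials.
# Simplifying assumption: "#" starts a comment anywhere on a line.

# Constructed sample, placeholder values only (no real credentials or hashes).
SAMPLE_INI = """\
Username    jdoe
Domain      CORP
Password    not-a-real-password
Proxy       proxy.example.internal:8080
Listen      0.0.0.0:3128
Gateway     yes
Auth        NTLM
PassNT      00000000000000000000000000000000
PassLM      00000000000000000000000000000000
"""

LOOPBACK = ("127.0.0.1", "localhost")
HASH_KEYS = {"passnt", "passlm", "passntlmv2"}


def parse(text):
    """Yield (directive, value) pairs; a directive such as Listen may repeat."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            yield parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""


def audit(text):
    """Return a sorted list of finding names. Secret values are never echoed."""
    findings = set()
    for key, value in parse(text):
        if key == "password" and value:
            findings.add("plaintext-password")       # remove once hashes are pasted in
        elif key in HASH_KEYS and value:
            findings.add("stored-hash")              # restrict read access to the file
        elif key == "gateway" and value.lower() == "yes":
            findings.add("gateway-enabled")          # listens on all interfaces
        elif key == "listen" and ":" in value:
            host = value.rsplit(":", 1)[0]
            if host not in LOOPBACK:
                findings.add("non-loopback-listen")  # reachable from other hosts
    return sorted(findings)


if __name__ == "__main__":
    for name in audit(SAMPLE_INI):
        print(name)
```

A file produced by the steps above reports only stored-hash, which is the reminder to tighten the file permissions again after the Win7 edit.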

Usage

To direct requests from the local machine through the local proxy, create an environment variable "http_proxy=http://localhost:3128", where 3128 is the default port your local proxy should be running on. To do so, right-click on My Computer, click on Properties->Advanced->Environment Variables->New User Variables and enter "http_proxy" as the variable and "http://localhost:3128" as the value. The proxy should then be picked up automatically by basic command line tools like wget for Windows running from within the Command Prompt.

More sophisticated command line tools such as the grails executable require the proxy settings to be added to their own configuration. For example, for grails, create a ProxySettings.groovy file under <userFolder>/.grails/ that looks like the following:
client=['http.proxyHost':'localhost', 'http.proxyPort':'3128', 'http.proxyUser':'<yourUserName>', 'http.proxyPassword':'<yourPassword>', 'http.nonProxyHosts':'']
currentProxy='client'

For Git, just add the following lines to your Git config by typing in Git Bash:
git config --global http.proxy "http://<yourNTDomain>\<yourNetworkUserName>:<yourNetworkPassword>@127.0.0.1:3128"
git config --global https.proxy "http://<yourNTDomain>\<yourNetworkUserName>:<yourNetworkPassword>@127.0.0.1:3128"

On a side note, if you are running a Levinux VM on your Windows machine sitting behind a company proxy, you can get Tiny Core Linux (the OS of Levinux) to send requests through the local proxy running on your Windows machine (thus enabling you to run the tce-load -wi command or python pip, for example) by typing "export http_proxy=http://10.0.2.2:3128", where 10.0.2.2 is the IP of your Windows host in the QEMU default configuration (it is the default, so if you are running Levinux and have no idea what I am on about, trust me, use this IP address) and 3128 is the port on which the local proxy is running on your Windows machine.