Ubuntu Server behind a NTLM Proxy
My Previous Linux Experience
I’m making my first real steps in Linux and immediately ran into a rather annoying issue. My prior Linux knowledge is limited to my time at university, where a lot of the computers for the students were running some version of Linux with a GUI. I had a C++ intro class on such computers but most of the stuff I did was with the GUI (web browsing). I was studying biology so that C++ class was about “What is an if statement? What is a for loop?”. You get the idea. My eeePC running Windows XP was going from extremely slow to me almost stomping it and throwing it out of the window. Windows was replaced with Jolicloud, an out-of-the-box Ubuntu-based Linux for netbooks. I quickly learned that “sudo” seems to be an important word.
I downloaded 32-bit Ubuntu Server and installed it as a VM in VMware using its “Easy Install” feature, which means the only options I could enter were my user name and password. The install was quick and worked flawlessly. That was my first surprise. The second one was that the server console was assuming a keyboard in US layout. So I googled how I could change that and soon got into contact with sudo apt-get update. This failed because of the annoying NTLM proxy.
I tried to follow this Guide (for ntlmaps but shows some basic commands) but quickly ran into problems. I was supposed to install a package but I had no idea how to actually get the file into the Ubuntu Server VM. I lost hours here and the solution I came up with probably fits this xkcd comic I can’t find right now.
- Download the cntlm package on your Windows host from here.
- Install imgburn
- Use imgburn to create an iso containing the cntlm package
- In VMware under VM->removable devices->CD/DVD, in the settings option, select the iso created above
- In VMware under VM->removable devices->CD/DVD select connect (VM must be running)
- sudo mkdir -p /mnt/dvd
- sudo mount -t iso9660 /dev/dvd /mnt/dvd (first check under /dev the actual name of the drive; it was “dvd” in my case)
- cd /mnt/dvd
- ls (to determine the file name of the package within the iso)
- sudo dpkg --install file_name.deb
Configure System and cntlm
You then need to create the file /etc/apt/apt.conf.d/40proxy. Note the “40” is required! Add Acquire::http::Proxy "http://127.0.0.1:3128/"; to that file. Using vi:
- sudo vi /etc/apt/apt.conf.d/40proxy (this should create the file)
- see this or google for a vi tutorial yourself
- press “i” to insert text
- press “Esc” to exit insert mode
- enter :w to save
- enter :q to quit (or :q! to quit without saving if something unexpected happens, it will, believe me especially with a wrong keyboard layout)
After this you need to configure cntlm by editing /etc/cntlm.conf with vi. Enter sudo vi /etc/cntlm.conf and follow the instructions on the cntlm home page. If you make a mistake while editing, just exit vi with :q! and open it again.
You will have to set Username, Domain, Password, Workstation and Proxy. Workstation is the NetBIOS name (Computer Name) of a Windows PC that can successfully connect through the proxy. In my case, my Windows host computer name. After you have entered these settings, run sudo cntlm -M http://www.google.com. This should output the auth version and, on the next line, the “secure configuration string”. It should look similar to this:
----------------------[ Profile 0 ]----
Add the above “code” after “PassNTLMv2” to the cntlm.conf file. The line is already there; you need to uncomment it and replace the existing “code” with the one generated above. Note that in your case it could be PassLM or PassNT. You need to uncomment the appropriate line:
# Example secure config shown below.
# PassLM 1AD35398BE6565DDB5C4EF70C0593492
# PassNT 77B9081511704EE852F94227CF48A793
### Only for user 'testuser', domain 'corp-uk'
After that delete the plain text password from the cntlm.conf file! You can leave it empty.
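To confirm the file ended up in the state described above, here is a small check script, added as an example and not part of the original post or of cntlm itself. It assumes the directive names shown in the config excerpt (Password, PassNTLMv2, PassNT, PassLM) and that the hash is 32 hex digits; the function name is made up for this example.

```shell
#!/bin/sh
# Added example: audit cntlm.conf after the setup steps above.
# Usage (script name is an assumption): sh audit_cntlm.sh /etc/cntlm.conf
# Exit status: 0 = clean, 1 = findings, 2 = file not readable.

audit_cntlm_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # 1. An uncommented Password directive with a value means the plaintext
    #    password was not deleted after the hash was generated.
    if grep -Eq '^[[:space:]]*Password[[:space:]]+[^[:space:]#]' "$conf"; then
        echo "FAIL: plaintext Password still present"
        findings=$((findings + 1))
    fi

    # 2. One hash directive must be uncommented and hold a 32-digit hex
    #    value, otherwise cntlm has no credential to authenticate with.
    if ! grep -Eq '^[[:space:]]*Pass(NTLMv2|NT|LM)[[:space:]]+[0-9A-Fa-f]{32}([[:space:]]|$)' "$conf"; then
        echo "FAIL: no uncommented PassNTLMv2/PassNT/PassLM hash"
        findings=$((findings + 1))
    fi

    # 3. The stored hash is enough to authenticate to the proxy as that
    #    user, so the file should not be readable by "other".
    other_read=$(ls -ld -- "$conf" | cut -c8)
    if [ "$other_read" = "r" ]; then
        echo "FAIL: $conf is world-readable (chmod 600 recommended)"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] || return 1
    echo "OK: $conf"
}

# Run the audit when a path is given on the command line.
if [ $# -gt 0 ]; then audit_cntlm_conf "$1"; fi
```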
Note that all guides I found suggest using ntlmaps. This does not work for all NTLM proxies. Therefore I suggest always using cntlm. An alternative option would be to install cntlm on your Windows host. The only thing you need to do is let the file /etc/apt/apt.conf.d/40proxy point to the proxy on the Windows host:
Of course you need to adjust the IP address above to fit your configuration.
Learning by doing
After I finally got this running I realized that I had already got used to the wrong keyboard layout I wanted to change. Also vi was a PITA for me as a Windows user. Can’t help you here but you will get used to it as I did. I guess in the end those hours did have quite some training effect and were not completely wasted.