Solutions to IT problems

Solutions I found when learning new IT stuff

Ubuntu Server behind a NTLM Proxy

with 2 comments


My Previous Linux Experience

I’m making my first real steps in Linux and immediately ran into a rather annoying issue. My prior Linux knowledge is limited to my time at university where a lot of the computers for the students where running some version of Linux with a GUI. I had a C++ intro class on such computers but most of the stuff I did was with the GUI (web browsing). I was studying biology so that C++ class was about “What is an if statement? What is a for loop?”. You get the idea. My eeePC running Windows XP was going from extremely slow to me almost stomping it and throwing it out of the window. Windows was replaced with Jolicloud, an out-of-the box Ubuntu-based Linux for netbooks. I quickly learned that “sudo” seems to be an important word.

Starting Position

I downloaded 32-bit Ubuntu Server and installed in as a VM in VMWare using its “Easy Install” feature, which means only options I could enter was my user name and password. Install was quick and worked flawless. That was my first surprise. The second one was, that the server console was assuming a keyboard in US layout. So I googled how I could change that and soon got into contact with sudo apt-get update. This failed because of the annyoing ntlm proxy.

Installing cntlm

I tried to follow this Guide (for ntlmaps but shows some basic commands) but quickly ran into problems. I was supposed to install a package but I had no idea how to actually get the file into the Ubuntu Server VM. I lost hours here and the solution I came up with probably fits this xkcd comic I can’t find right now.

  1. download cntlm package on your windows host from here.
  2. Install imgburn
  3. use imgburn to create an iso containing the cntlm package
  4. in VMware under VM->removable devices->CD/DVD in settings option select above created iso
  5. VMware under VM->removable devices->CD/DVD  select connect (VM must be running)
  6. sudo mkdir -p /mnt/dvd
  7. sudo mount -t iso9660 /dev/dvd /mnt/dvd (first check under /dev the actual name of the drive. it was “dvd” in mycase)
  8. cd /mnt/dvd
  9. ls (to determine file name of the package within the iso)
  10. sudo dpkg –install file_name.deb

Configure System and cntlm

You then need to create the file /etc/apt/apt.conf.d/40proxy. Note the “40″ is required! Add Acquire::http::Proxy "http://127.0.0.1:3128/"; to that file. Using vi:

  1. cd /etc/apt/apt.conf.d
  2. sudo vi 40proxy (this should create the file)
  3. see this or google for a vi tutorial yourself
  4. press “i” to insert text
  5. press “Esc” to exit insert mode
  6. enter :w to save
  7. enter :q to quit (or :q! to quit without saving if something unexpected happens, it will, believe me especially with a wrong keyboard layout)

After this you need to configure cntlm by editing /etc/cntlm.conf with vi. Enter sudo vi /etc/cntlm.conf and follow instruction on the cntlm home page. If you make a mistake in editing just exit vi with :q! and open it again.

I will have to set username, domain, password, Workstation and Proxy. Workstation is the netbios name (Computer Name) of a Windows PC that can successfully connect through the proxy. In my case my windows host computer name. After you entered these settings run sudo cntlm -M http://www.google.com. This should output auth version and on the next line the  “secure configuration string”. It should look similar to this:


----------------------[ Profile 0 ]----
Auth NTLMv2
PassNTLMv2 C558B...
---------------------------------------

Add the above “code” after “PassNTLMv2″ to the cntlm.conf file.  The line is already there you need to uncomment it and replace the existing “code” with the above generated one. Note that in your case it could be PassLM or PassNT. You need to uncomment the appropriate line:


# Example secure config shown below.
# PassLM 1AD35398BE6565DDB5C4EF70C0593492
# PassNT 77B9081511704EE852F94227CF48A793
### Only for user 'testuser', domain 'corp-uk'
PassNTLMv2 C0B9081511704EE8524E4227CF483EB

After that delete the plain text password from the cntlm.conf file! You can leave it empty.

Note that all guides I found suggest to use ntlmaps. This does not work for all NTLM proxies. Therefore I suggest to always use cntlm. Also an alternative option would be to install cntlm on your windows host. The only thing you need to do is let the file /etc/apt/apt.conf.d/40proxy point to the proxy on the windows host:
Acquire::http::Proxy "http://192.168.213.1:3128/";
Of Course you need to adjust the IP address above to fit to your configuration.

Learning by doing

After I finally got this running I realized that I have already got used to the wrong keyboard layout I wanted to change. Also vi was a PITA for me as a windows user. Can’t help you here but you will get used to it as I did. I guess in the end those hours did have quite some training effect and were not completely wasted.

About these ads

Written by kienerj

October 26, 2011 at 12:53

Posted in Linux, Operating Systems

Tagged with , , ,

2 Responses

Subscribe to comments with RSS.

  1. Does this also cover the https proxy?

    Tim Katie Dilbert

    June 27, 2012 at 00:21

    • Can’t tell you. You need to try for yourself. Just set the port to 443 for the proxy in cntlm config file and try it. I’m in the lucky position that my company changed to a proxy that supports standard URL notation format http://username:password@proxyhost:port/.

      kienerj

      June 27, 2012 at 17:49


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: