This time my job was to create small workgroup of Linux workstations for department of outsoucing developers. We have single DC with ISA firewall and Web Proxy with basic authentication. There was no problem creating new segment, installing workstations (Ubuntu 11.04) and authenticating through Kerberos. Problem arrived with NTLM authentication, we had problems authenticating through ISA. This is how I solved it.
Solution was to install CNTLM, so let’s proceed
sudo apt-get install cntlm sudo chmod 664 /etc/cntlm.conf sudo nano /etc/cntlm.conf
Remember not to include special characters in domain users password like “#”.
“Proxy” is your real proxy – in our case ISA, “NoProxy” is option is for where you want to skip proxy and “Listen” is port where you want CNTLM to listen on – it doesn’t matter if it is same as main proxy.
Username domain.username Domain company.local Password zz11xx22e Proxy 192.168.101.1:8080 NoProxy localhost, 127.0.0.*, 10.*, 192.168.* Listen 8080
1. System -> Preferences -> Network Proxy 2. Select "Manual proxy configuration" 3. Select "Use the same proxy for all protocols" 4. HTTP proxy: localhost, Port: 8080, Details: leave blank, no authentication is needed 5. Press button: "Apply System-Wide.." and enter root password for keyring etc. 6. Close dialog
Chromium will use system settings.
1. Edit -> Preferences -> Advanced -> Network -> Settings... 2. Choose "Manual proxy configuration:" 3. HTTP Proxy: localhost, Port: 8080 4. Choose "Use this proxy server for all protocols" 5. OK, and close all dialogs
1. Install Skype from Ubuntu Software Center (you should enable partner repositories for this) 2. Before starting Skype delete configuration files (skype should be closed if you have it installed like me) rm ~/.Skype/shared.lck rm ~/.Skype/shared.xml 3. Start Skype and accept EULA 4. Click on blue Skype icon in left bottom corner and go to Options 5. Choose "SOCKS Proxy" from dropdown 6. Host: localhost, Port: 8080, User: domain-username, Password: domain-password 7. Username/Password are not neccessary, Apply and login to your regular Skype account 8. You'll have to wait a little for login...
Synaptic Package Manager Configuration
1. System -> Administration -> Synaptic Package Manager 2. Settings -> Preferences -> Network 3. Choose "Manual proxy configuration" 4. HTTP proxy localhost:8080, same for FTP, Apply and go...
Command Line Configuration
1. nano ~/.profile 2. at the bottom write: export http_proxy=http://localhost:8080 export https_proxy=http://localhost:8080 export ftp_proxy=http://localhost:8080
cntlm -I -v -M http://www.google.com/ cntlm -v
sudo /etc/init.d/cntlm force-reload