Ubuntu NTLM Authentication on Windows Domain

This time my job was to create small workgroup of Linux workstations for department of outsoucing developers. We have single DC with ISA firewall and Web Proxy with basic authentication. There was no problem creating new segment, installing workstations (Ubuntu 11.04) and authenticating through Kerberos. Problem arrived with NTLM authentication, we had problems authenticating through ISA. This is how I solved it.

 

Installation
Solution was to install CNTLM, so let’s proceed

sudo apt-get install cntlm
sudo chmod 664 /etc/cntlm.conf
sudo nano /etc/cntlm.conf

 

Configuration
Remember not to include special characters in domain users password like “#”.
“Proxy” is your real proxy – in our case ISA, “NoProxy” is option is for where you want to skip proxy and “Listen” is port where you want CNTLM to listen on – it doesn’t matter if it is same as main proxy.

Username	domain.username
Domain		company.local
Password	zz11xx22e
Proxy		192.168.101.1:8080
NoProxy		localhost, 127.0.0.*, 10.*, 192.168.*
Listen		8080

 

System Configuration

1. System -> Preferences -> Network Proxy
2. Select "Manual proxy configuration"
3. Select "Use the same proxy for all protocols"
4. HTTP proxy: localhost, Port: 8080, Details: leave blank, no authentication is needed
5. Press button: "Apply System-Wide.." and enter root password for keyring etc.
6. Close dialog

 

Firefox Configuration
Chromium will use system settings.

1. Edit -> Preferences -> Advanced -> Network -> Settings...
2. Choose "Manual proxy configuration:"
3. HTTP Proxy: localhost, Port: 8080
4. Choose "Use this proxy server for all protocols"
5. OK, and close all dialogs

 

Skype Configuration

1. Install Skype from Ubuntu Software Center (you should enable partner repositories for this)
2. Before starting Skype delete configuration files (skype should be closed if you have it installed like me)
	rm ~/.Skype/shared.lck
	rm ~/.Skype/shared.xml
3. Start Skype and accept EULA
4. Click on blue Skype icon in left bottom corner and go to Options
5. Choose "SOCKS Proxy" from dropdown
6. Host: localhost, Port: 8080, User: domain-username, Password: domain-password
7. Username/Password are not neccessary, Apply and login to your regular Skype account
8. You'll have to wait a little for login...

 

Synaptic Package Manager Configuration

1. System -> Administration -> Synaptic Package Manager
2. Settings -> Preferences -> Network
3. Choose "Manual proxy configuration"
4. HTTP proxy localhost:8080, same for FTP, Apply and go...

 

Command Line Configuration

1. nano ~/.profile
2. at the bottom write:
	export http_proxy=http://localhost:8080
	export https_proxy=http://localhost:8080
	export ftp_proxy=http://localhost:8080

 

Testing Configuration

cntlm -I -v -M http://www.google.com/
cntlm -v

 

Reloading Config

sudo /etc/init.d/cntlm force-reload

Category: Administration, Updated October 17, 2011 from admin | Log in

2 Comments

Add your comment - TrackBack- RSS Comments

  1. Comment by Diego Santiviago:

    And how i use apt-get if my proxy configuration doesn’t work?

    July 3, 2012 @ 1:04 PM
  2. Comment by admin:

    You have tested proxy config before applying it system-wide? If it works from command line – it should, obviously, work from system settings. You should read this: https://help.ubuntu.com/community/AptGet/Howto/#Setting_up_apt-get_to_use_a_http-proxy

    July 3, 2012 @ 1:54 PM

Add your comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" cssfile="">