jbpadgett/gist:7e122c3386b9bb0496c3fc7176667981

## gistfile1.txt
#
# Cntlm Authentication Proxy Configuration
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#

# NOTE: Use plaintext password only at your own risk
# Use hashes instead. You can use a "cntlm -M" and "cntlm -H"
# command sequence to get the right config for your environment.
# See cntlm man page

Username	MYUSERNAME
Domain		MYCORPDOMAIN
#Password	clear_text_password_not_recommended_use_hash
#Construct hash as follows:  cntlm -H -a NTLMv2 -d MYCORPDOMAIN -u MYUSERNAME

Auth			NTLMv2
PassLM          1AD35398BE6565DDB5C4EF70C0593492
PassNT          77B9081511704EE852F94227CF48A793
PassNTLMv2      D5826E9C665C37C80B53397D5C07BBCB   # Only for user 'MYUSERNAME', domain 'MYCORPDOMAIN'


# Specify the netbios hostname cntlm will send to the parent
# proxies. Normally the value is auto-guessed.
#
# Workstation	netbios_hostname

# List of parent proxies to use. More proxies can be defined
# one per line in format <proxy_ip>:<proxy_port>
#
#Proxy		10.0.0.41:8080
#Proxy		10.0.0.42:8080

Proxy		myproxy.corp.com:80
#Added a failover local squid proxy that use direct internet to allow for seamless access outside corp offices
Proxy		localhost:3129


# List addresses you do not want to pass to parent proxies
# * and ? wildcards can be used
#
#NoProxy		localhost, 127.0.0.*, 10.*, 192.168.*
#Use NoProxy * for the equivalent of direct internet for all with no proxies, but this setting is not dynamic and must be edited and services restarted each time
#NoProxy		*


# Specify the port cntlm will listen on
# You can bind cntlm to specific interface by specifying
# the appropriate IP address also in format <local_ip>:<local_port>
# Cntlm listens on 127.0.0.1:3128 by default
#
Listen		3128

# If you wish to use the SOCKS5 proxy feature as well, uncomment
# the following option. It can be used several times
# to have SOCKS5 on more than one port or on different network
# interfaces (specify explicit source address for that).
#
# WARNING: The service accepts all requests, unless you use
# SOCKS5User and make authentication mandatory. SOCKS5User
# can be used repeatedly for a whole bunch of individual accounts.
#
#SOCKS5Proxy	8010
#SOCKS5User	dave:password

# Use -M first to detect the best NTLM settings for your proxy.
# Default is to use the only secure hash, NTLMv2, but it is not
# as available as the older stuff.
#
# This example is the most universal setup known to man, but it
# uses the weakest hash ever. I won't have it's usage on my
# conscience. :) Really, try -M first.
#
#Auth		LM
#Flags		0x06820000

# Enable to allow access from other computers
#
Gateway	yes

# Useful in Gateway mode to allow/restrict certain IPs
# Specifiy individual IPs or subnets one rule per line.
#
#Allow		127.0.0.1
#Deny		0/0

# GFI WebMonitor-handling plugin parameters, disabled by default
#
#ISAScannerSize     1024
#ISAScannerAgent    Wget/
#ISAScannerAgent    APT-HTTP/
#ISAScannerAgent    Yum/

# Headers which should be replaced if present in the request
#
#Header		User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

# Tunnels mapping local port to a machine behind the proxy.
# The format is <local_port>:<remote_host>:<remote_port>
#
#Tunnel		11443:remote.com:443
	#
	# Cntlm Authentication Proxy Configuration
	#
	# NOTE: all values are parsed literally, do NOT escape spaces,
	# do not quote. Use 0600 perms if you use plaintext password.
	#

	# NOTE: Use plaintext password only at your own risk
	# Use hashes instead. You can use a "cntlm -M" and "cntlm -H"
	# command sequence to get the right config for your environment.
	# See cntlm man page

	Username MYUSERNAME
	Domain MYCORPDOMAIN
	#Password clear_text_password_not_recommended_use_hash
	#Construct hash as follows: cntlm -H -a NTLMv2 -d MYCORPDOMAIN -u MYUSERNAME

	Auth NTLMv2
	PassLM 1AD35398BE6565DDB5C4EF70C0593492
	PassNT 77B9081511704EE852F94227CF48A793
	PassNTLMv2 D5826E9C665C37C80B53397D5C07BBCB # Only for user 'MYUSERNAME', domain 'MYCORPDOMAIN'


	# Specify the netbios hostname cntlm will send to the parent
	# proxies. Normally the value is auto-guessed.
	#
	# Workstation netbios_hostname

	# List of parent proxies to use. More proxies can be defined
	# one per line in format <proxy_ip>:<proxy_port>
	#
	#Proxy 10.0.0.41:8080
	#Proxy 10.0.0.42:8080

	Proxy myproxy.corp.com:80
	#Added a failover local squid proxy that use direct internet to allow for seamless access outside corp offices
	Proxy localhost:3129


	# List addresses you do not want to pass to parent proxies
	# * and ? wildcards can be used
	#
	#NoProxy localhost, 127.0.0., 10., 192.168.*
	#Use NoProxy * for the equivalent of direct internet for all with no proxies, but this setting is not dynamic and must be edited and services restarted each time
	#NoProxy *


	# Specify the port cntlm will listen on
	# You can bind cntlm to specific interface by specifying
	# the appropriate IP address also in format <local_ip>:<local_port>
	# Cntlm listens on 127.0.0.1:3128 by default
	#
	Listen 3128

	# If you wish to use the SOCKS5 proxy feature as well, uncomment
	# the following option. It can be used several times
	# to have SOCKS5 on more than one port or on different network
	# interfaces (specify explicit source address for that).
	#
	# WARNING: The service accepts all requests, unless you use
	# SOCKS5User and make authentication mandatory. SOCKS5User
	# can be used repeatedly for a whole bunch of individual accounts.
	#
	#SOCKS5Proxy 8010
	#SOCKS5User dave:password

	# Use -M first to detect the best NTLM settings for your proxy.
	# Default is to use the only secure hash, NTLMv2, but it is not
	# as available as the older stuff.
	#
	# This example is the most universal setup known to man, but it
	# uses the weakest hash ever. I won't have it's usage on my
	# conscience. :) Really, try -M first.
	#
	#Auth LM
	#Flags 0x06820000

	# Enable to allow access from other computers
	#
	Gateway yes

	# Useful in Gateway mode to allow/restrict certain IPs
	# Specifiy individual IPs or subnets one rule per line.
	#
	#Allow 127.0.0.1
	#Deny 0/0

	# GFI WebMonitor-handling plugin parameters, disabled by default
	#
	#ISAScannerSize 1024
	#ISAScannerAgent Wget/
	#ISAScannerAgent APT-HTTP/
	#ISAScannerAgent Yum/

	# Headers which should be replaced if present in the request
	#
	#Header User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

	# Tunnels mapping local port to a machine behind the proxy.
	# The format is <local_port>:<remote_host>:<remote_port>
	#
	#Tunnel 11443:remote.com:443