Created
August 21, 2016 14:20
-
-
Save jbpadgett/7e122c3386b9bb0496c3fc7176667981 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Cntlm Authentication Proxy Configuration | |
# | |
# NOTE: all values are parsed literally, do NOT escape spaces, | |
# do not quote. Use 0600 perms if you use plaintext password. | |
# | |
# NOTE: Use plaintext password only at your own risk | |
# Use hashes instead. You can use a "cntlm -M" and "cntlm -H" | |
# command sequence to get the right config for your environment. | |
# See cntlm man page | |
Username MYUSERNAME | |
Domain MYCORPDOMAIN | |
#Password clear_text_password_not_recommended_use_hash | |
#Construct hash as follows: cntlm -H -a NTLMv2 -d MYCORPDOMAIN -u MYUSERNAME | |
Auth NTLMv2 | |
PassLM 1AD35398BE6565DDB5C4EF70C0593492 | |
PassNT 77B9081511704EE852F94227CF48A793 | |
PassNTLMv2 D5826E9C665C37C80B53397D5C07BBCB # Only for user 'MYUSERNAME', domain 'MYCORPDOMAIN' | |
# Specify the netbios hostname cntlm will send to the parent | |
# proxies. Normally the value is auto-guessed. | |
# | |
# Workstation netbios_hostname | |
# List of parent proxies to use. More proxies can be defined | |
# one per line in format <proxy_ip>:<proxy_port> | |
# | |
#Proxy 10.0.0.41:8080 | |
#Proxy 10.0.0.42:8080 | |
Proxy myproxy.corp.com:80 | |
#Added a failover local squid proxy that use direct internet to allow for seamless access outside corp offices | |
Proxy localhost:3129 | |
# List addresses you do not want to pass to parent proxies | |
# * and ? wildcards can be used | |
# | |
#NoProxy localhost, 127.0.0.*, 10.*, 192.168.* | |
#Use NoProxy * for the equivalent of direct internet for all with no proxies, but this setting is not dynamic and must be edited and services restarted each time | |
#NoProxy * | |
# Specify the port cntlm will listen on | |
# You can bind cntlm to specific interface by specifying | |
# the appropriate IP address also in format <local_ip>:<local_port> | |
# Cntlm listens on 127.0.0.1:3128 by default | |
# | |
Listen 3128 | |
# If you wish to use the SOCKS5 proxy feature as well, uncomment | |
# the following option. It can be used several times | |
# to have SOCKS5 on more than one port or on different network | |
# interfaces (specify explicit source address for that). | |
# | |
# WARNING: The service accepts all requests, unless you use | |
# SOCKS5User and make authentication mandatory. SOCKS5User | |
# can be used repeatedly for a whole bunch of individual accounts. | |
# | |
#SOCKS5Proxy 8010 | |
#SOCKS5User dave:password | |
# Use -M first to detect the best NTLM settings for your proxy. | |
# Default is to use the only secure hash, NTLMv2, but it is not | |
# as available as the older stuff. | |
# | |
# This example is the most universal setup known to man, but it | |
# uses the weakest hash ever. I won't have it's usage on my | |
# conscience. :) Really, try -M first. | |
# | |
#Auth LM | |
#Flags 0x06820000 | |
# Enable to allow access from other computers | |
# | |
Gateway yes | |
# Useful in Gateway mode to allow/restrict certain IPs | |
# Specifiy individual IPs or subnets one rule per line. | |
# | |
#Allow 127.0.0.1 | |
#Deny 0/0 | |
# GFI WebMonitor-handling plugin parameters, disabled by default | |
# | |
#ISAScannerSize 1024 | |
#ISAScannerAgent Wget/ | |
#ISAScannerAgent APT-HTTP/ | |
#ISAScannerAgent Yum/ | |
# Headers which should be replaced if present in the request | |
# | |
#Header User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) | |
# Tunnels mapping local port to a machine behind the proxy. | |
# The format is <local_port>:<remote_host>:<remote_port> | |
# | |
#Tunnel 11443:remote.com:443 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment