Skip to content

Instantly share code, notes, and snippets.

@sfabijanski
Last active Jun 25, 2020
Embed
What would you like to do?
Installing and settng up cntlm to work behind an NTLMv2 corporate proxy

Some web proxies use NTLMv2 authentication to pass user domain credentials to the proxy before accessing the internet. A number of the command line tools (npm, bower, curl) need to have their proxy configurations set and don't handle the NTLM handoff well. Installing and configuring the tools to use cntlm.exe as a local proxy alleviates the problem.

Requirements

  • cntlm.exe
  • git for windows ( with gitBash )

Setting up for proxy use

Cntlm.exe can be installed without admin privileges by downloading the zipped instance of the applicaiton and expanding to a local directory. It's recommended that the folder be placed in a path that does not include spaces (e.g. c:\bin\cntlm ).

Configure Git to use cntlm

Enter the following lines from a command prompt. These settings will then be saved to your global Git configiration.

git config --global set proxy http://localhost:3128
git config --global set https-proxy http://localhost:3128

To remove the settings for any reason, you can reverse them with the following:

git config --global unset proxy
git config --global unset https-proxy

Configure Bower to use cntlm

You will need to edit the .bowerrc file to add the following lines:

"proxy": "http://localhost:3128",
"http-proxy": "http://localhost:3128"

To remove the settings, simply delete the lines from your configuration file.

Configure NPM to use cntlm

Enter the following lines from a command prompt.

npm config set http http://localhost:3128
npm config set https-proxy http://localhost:3128

To remove the settings for any reason, you can reverse them with the following:

npm config unset http
npm config unset https-proxy

Setup the CLI to use cntlm

Some applications can be handled by simply setting environment variables before calling them from the command line interface. An example of this would be python pip installations. Some applications are sensitive to the environment variable casing. Start with upper case and if that doesn't work try lower case. Try:

set HTTP_PROXY=http://localhost:3128
set HTTPS_PROXY=http://localhost:3128

Install CNTLM

First download cntlm from Sourceforge. At the time of this writing, the latest is version 0.92.3. The zipped version for Windows may be installed without having local admin permissions on the machine. Simply extract to a directory you have write permissions to (e.g. C:\bin\cntlm).

Edit CNTLM configuration file

With CNTLM installed, the next step is to edit the configuration file (cntlm.ini). If you are using this on a workstation with multiple developers it is best to create a copy in a directory under your personal control--the application can be run with a reference to a specific configuration(see below).

The four items you will be amending are:

  1. Username -- with your username
  2. Domain -- with your enterprise domain. It may be necessary to use all uppercase for this in some situations.
  3. Proxy -- with the IP address and port number to the web proxy server
  4. NoProxy -- with DNS entries for connections to any servers that may not require the proxy

Additionally, comment out the line for the password. After editing the file it will look something like:

top of file...
Username    <username>
Domain      <domain>
#Password   password
...middle ...
Proxy       10.92.1.2:8080
....
NoProxy     localhost, 127.0.0.*, 10.*, 192.168.*, *.notneededhere.com
...

CNTLM is now configured to be run.

Run CNTLM

Assuming both the application and the edited configuration file are in C:\bin\cntlm, run the application from a gitBash CLI instance, with the following: >/c/bin/cntlm/cntlm.exe -c /c/bin/cntlm/cntlm.ini -I -f

The -I switch puts the app in interactive mode so you can provide your domain password. The -f keeps the application in the foreground--locking the CLI window--and allows the application to be closed with Ctrl-C.

CNTLM is now up and running. It should properly handle NTLM handoff to the web proxy for external connections.

@garethellis36
Copy link

garethellis36 commented Mar 19, 2019

Thanks for this. I didn't realise there was a portable version of Cntlm, so this is really useful!

@datadu-de
Copy link

datadu-de commented Jun 25, 2020

Thanks Steven, just some minor comments

To add to git it's

git config --global set http.proxy http://localhost:3128  
git config --global set https.proxy http://localhost:3128

To remove

git config --global unset http.proxy  
git config --global unset https.proxy

npm add

npm config set proxy http://localhost:3128  
npm config set https-proxy http://localhost:3128

remove

npm config unset proxy  
npm config unset https-proxy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment