Some web proxies use NTLMv2 authentication to pass user domain credentials to the proxy before accessing the internet. A number of the command line tools (npm, bower, curl) need to have their proxy configurations set and don't handle the NTLM handoff well. Installing and configuring the tools to use cntlm.exe as a local proxy alleviates the problem.
- cntlm.exe
- git for windows ( with gitBash )
Cntlm.exe can be installed without admin privileges by downloading the zipped instance of the applicaiton and expanding to a local directory. It's recommended that the folder be placed in a path that does not include spaces (e.g. c:\bin\cntlm ).
Enter the following lines from a command prompt. These settings will then be saved to your global Git configiration.
git config --global set proxy http://localhost:3128
git config --global set https-proxy http://localhost:3128
To remove the settings for any reason, you can reverse them with the following:
git config --global unset proxy
git config --global unset https-proxy
You will need to edit the .bowerrc file to add the following lines:
"proxy": "http://localhost:3128",
"http-proxy": "http://localhost:3128"
To remove the settings, simply delete the lines from your configuration file.
Enter the following lines from a command prompt.
npm config set http http://localhost:3128
npm config set https-proxy http://localhost:3128
To remove the settings for any reason, you can reverse them with the following:
npm config unset http
npm config unset https-proxy
Some applications can be handled by simply setting environment variables before calling them from the command line interface. An example of this would be python pip installations. Some applications are sensitive to the environment variable casing. Start with upper case and if that doesn't work try lower case. Try:
set HTTP_PROXY=http://localhost:3128
set HTTPS_PROXY=http://localhost:3128
First download cntlm from Sourceforge. At the time of this writing, the latest is version 0.92.3. The zipped version for Windows may be installed without having local admin permissions on the machine. Simply extract to a directory you have write permissions to (e.g. C:\bin\cntlm).
With CNTLM installed, the next step is to edit the configuration file (cntlm.ini). If you are using this on a workstation with multiple developers it is best to create a copy in a directory under your personal control--the application can be run with a reference to a specific configuration(see below).
The four items you will be amending are:
- Username -- with your username
- Domain -- with your enterprise domain. It may be necessary to use all uppercase for this in some situations.
- Proxy -- with the IP address and port number to the web proxy server
- NoProxy -- with DNS entries for connections to any servers that may not require the proxy
Additionally, comment out the line for the password. After editing the file it will look something like:
top of file...
Username <username>
Domain <domain>
#Password password
...middle ...
Proxy 10.92.1.2:8080
....
NoProxy localhost, 127.0.0.*, 10.*, 192.168.*, *.notneededhere.com
...
CNTLM is now configured to be run.
Assuming both the application and the edited configuration file are in
C:\bin\cntlm, run the application from a gitBash CLI instance, with the following:
>/c/bin/cntlm/cntlm.exe -c /c/bin/cntlm/cntlm.ini -I -f
The -I switch puts the app in interactive mode so you can provide your domain password. The -f keeps the application in the foreground--locking the CLI window--and allows the application to be closed with Ctrl-C.
CNTLM is now up and running. It should properly handle NTLM handoff to the web proxy for external connections.
Thanks for this. I didn't realise there was a portable version of Cntlm, so this is really useful!