The server 127.0.0.1:3128 requires a username and password. The server says : cntlm for parent

4

5

I have just installed cntlm on my new Ubuntu 12.04. In configuration file etc/cntlm.conf, I inserted my network configure like below:

Username: myUsername
Domain : myDomain
Password: myPassword

Proxy : myProxy:8080

Listen: 3128

But when I set 127.0.0.1:3128 as my browser network proxy and when I want to visit a website, the pop up menu of cntlm appeared and wants the username and password.

What is the solution to this? How can I get my network domain name? I think my domain name or other particulars may be wrong.

Hossein Mobasher

Posted 2012-05-10T06:49:40.233

Reputation: 141

Answers

3

1) Install CNTLM to default directory (on Windows, C:\Program Files (x86)\cntlm\ ).

2) Run cmd.exe

3) Type : cd "C:\Program Files (x86)\cntlm\"

4) Type : cntlm.exe -H -d your_domain -u your_username

It will ask your password. Enter your password and cntlm will give you some hashes. Something like this:

c:\Program Files (x86)\Cntlm>cntlm -H -d your_domain -u your_username
Password:
PassLM          4E9C185900C7CF0B6FFCB2044F81920C
PassNT          6E9F120B83EEA0E875CE8E6F9730EC9A
PassNTLMv2      2A0B7C2457FB7DD8DA4EB737C4FA224F

Now you have password hashed. Save them to a text editor.

5) Type : cntlm -M http://www.google.com

Again enter your password. It will give you something like that

c:\Program Files (x86)\Cntlm>cntlm -M http://www.google.com
Password:
Config profile  1/4... Credentials rejected
Config profile  2/4... OK (HTTP code: 302)
----------------------------[ Profile  1 ]------
Auth            NTLM
PassNT          6E9F120B83EEA0E875CE8E6F9730EC9A
PassLM          4E9C185900C7CF0B6FFCB2044F81920C
------------------------------------------------

Now you see that profile 2 is successful. Because it says OK for profile 2. It may be different on you system.

The trick is,

  • if the Auth is NT, then you must use only PassNT
  • if the Auth is LM, then you must use only PassLM
  • if the Auth is NTLM, then you must use both PassLM and PassNT
  • if the Auth is NTLMv2, then you must use only PassNTLMv2

Now we got all we want. For my configuration, Auth says NTLM so I will use both PassNT and PassLM in the cntlm.ini configuration file.

This is an example configuration file according to given answers:

#
# Cntlm Authentication Proxy Configuration File
#

Username yourusername
Domain yourdomain

Auth NTLM
PassNT 6E9F120B83EEA0E875CE8E6F9730EC9A
PassLM 4E9C185900C7CF0B6FFCB2044F81920C

Workstation yourhostname.yourdomain

# Most probably proxy.yourdomain:8080
Proxy  yourProxyIP:yourProxyPort

NoProxy  localhost, 127.0.0.*, 10.*, 192.168.*

Listen  3132

Gateway yes

Now you can use your computer's IP address and port 3132 as a proxy.

Note 1: Don't use domain\username as username Note 2: If there is any then don't forget to use '.intra' extension after your domain (yourdomain.intra)

Ramazan Polat

Posted 2012-05-10T06:49:40.233

Reputation: 930

Great !! Thanks to your answer I was able to connect my Ubuntu VirtualBox VM to internet through my corporate proxy – Miky Rivers – 2014-10-28T09:31:53.607

Very informative. Thank you! Well, there in only one thing - question has "ubuntu" tag. But I guess having answer for windows will not hurt since someone probably will have same issue with Windows. – VL-80 – 2014-05-30T19:51:09.680

Ops! I have missed that tag but anyway, the installing to the default directory is mandatory for Windows since there is a bug related to that. – Ramazan Polat – 2014-05-30T19:53:20.877

2

In the cntlm.conf file, be sure to substitute the field Password with one of the following fields:

  • PassLM (if you use LM hash)
  • PassNT (if you use NT hash)
  • PassNTLMv2 (if you use NTLMv2 hash)

Then, you should not write the plain text password, but the corresponding hash, which can be computed with cntlm -H -d <domain> -u <user>

user2641008

Posted 2012-05-10T06:49:40.233

Reputation: 21

cntlm -H -d <domain> -u <user> works great! – getWeberForStackExchange – 2013-08-30T05:20:41.180

1

I had this same problem.

First of all, try this command:

sudo cntlm -M http://www.google.com

See the results. If the only method OK is Auth = LM, then you need to modify the configuration file on (uncomment this lines):

Auth         LM
Flags        0x06820000

If you don't know how to change the configuration file, make this:

gksudo gedit /etc/cntlm.conf

Remember to restart the CNTLM:

sudo service cntlm restart

Gustavo Gonçalves

Posted 2012-05-10T06:49:40.233

Reputation: 11

Config profile 1/4... Credentials rejected Config profile 2/4... Credentials rejected Config profile 3/4... Credentials rejected Config profile 4/4... Credentials rejected

Wrong credentials, invalid URL or proxy doesn't support NTLM nor BASIC. – Hossein Mobasher – 2012-06-06T20:33:05.530

I'm not a network administrator,but I use Nautilus (file manager) to check the Domain that my PC is connected. See this image. Opening the "Windows Network" you can verify the list of Domains available.

– Gustavo Gonçalves – 2012-06-08T12:09:23.790

Asked: 2012-05-10T06:49:40.233

Viewed: 11 720 times

Active: 2015-10-16T13:59:14.447