Tuesday, May 31, 2016

Eclipse connectivity issue with Corporate Proxy

Overview 

Some applications we use need to access the web through the Corporate proxy and pull in content. In many cases the request fails because the application is unable to negotiate the connection using the NTLM protocol. Examples of this are the Marketplace in Eclipse Luna or installing packages with npm.
Cntlm is a tool that will work around this problem by proxying these requests locally and talking to the Corporate proxy to establish a connection. From the project website: "Cntlm is an NTLM / NTLMv2 authenticating HTTP/1.1 proxy. It caches auth'd connections for reuse, offers TCP/IP tunneling (port forwarding) thru parent proxy and much much more."

Setup Instructions

  1. Download and install cntlm from http://sourceforge.net/projects/cntlm/
  2. Edit C:\Program Files (x86)\Cntlm\cntlm.ini and make the following changes (make sure you are running your text editor as administrator):
    a. Add your Corporate username
    Username <corporate proxy server login>

    b. Comment out domain (we don’t need it)
    # Domain    corp-uk

    c. Change Proxy and Add additional NoProxy
    Proxy           <HTTPPROXYNAME>:<PORT>
    NoProxy         localhost, 127.0.0.*

    d. Get password hash from the command line
    > cd "C:\Program Files (x86)\Cntlm\"
    > cntlm -H -c cntlm.ini

    e. Paste the resulting 3 lines, which contain hashes of your password, back into your cntlm.ini:
    PassLM          <HASH>
    PassNT          <HASH>
    PassNTLMv2      <HASH>    # Only for user <USERNAME>, domain '<HTTP PROXY NAME>'

    f. Comment out clear text password parameter
    # Password <fake password>

    g. Start CNTLM
    See instructions in README.txt (in the cntlm installation directory)

    h. Test CNTLM from the command line
    > cntlm -M http://www.google.com

    After entering your Corporate password when prompted, you should see a response similar to the following (the HTTP 200 response indicating a success):

    Config profile  1/4... OK (HTTP code: 200)
    ----------------------------[ Profile  0 ]------
    Auth            NTLMv2
    PassNTLMv2      <your password hash>
    ------------------------------------------------
  3. Reboot your computer. CNTLM will be installed and will run as a Windows service, so you won't have to start it again manually unless you stop it manually.

After configuring and starting cntlm, applications should be able to access the web with no further action needed.

Changing CNTLM Password After CORPORATE Password Reset

  1. Get password hash from the command line
    > cd "C:\Program Files (x86)\Cntlm\"
    > cntlm -H -c cntlm.ini
  2. Copy the resulting 3 lines, which contain hashes of your password:
    PassLM <HASH>
    PassNT <HASH>
    PassNTLMv2 <HASH> # Only for user <USERNAME>, domain '<HTTPPROXYHOST>'
  3. Open cntlm.ini (the configuration settings file) and replace the existing hash lines with the lines copied in step 2.
  4. Save, stop then start cntlm.  Information on how to do that can be found in the "Starting/Stopping CNTLM Manually" section below.
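
Before restarting the service after either the initial setup or a password change, it is worth checking that cntlm.ini ended up in the state the steps describe: no active clear text Password line, a real Proxy value, and exactly one of each hash line. The following is an added example, not part of the original post or of the Cntlm project; the function names are hypothetical, the sample file contents are constructed, and the 32-hex-character hash format is an assumption about the output of cntlm -H.

```python
import re

HASH_KEYS = ("PassLM", "PassNT", "PassNTLMv2")
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")  # assumption: each hash is 32 hex characters

def parse_cntlm_ini(text):
    """Return {keyword: [values]} for active (uncommented) directives only."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if line:
            parts = line.split(None, 1)
            # Keywords are lower-cased so a differently cased 'password' is still caught.
            directives.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return directives

def audit_cntlm_ini(text):
    """Return a list of findings; an empty list means the file matches the setup steps."""
    d = parse_cntlm_ini(text)
    findings = []
    if "password" in d:
        findings.append("cleartext Password directive is active; comment it out")
    if not d.get("username", [""])[0]:
        findings.append("Username is missing")
    if not d.get("proxy") or any("<" in p or ":" not in p for p in d["proxy"]):
        findings.append("Proxy must be set to a real host:port")
    for key in HASH_KEYS:
        values = d.get(key.lower(), [])
        if len(values) != 1:
            findings.append(f"{key}: expected exactly one entry, found {len(values)}")
        elif not HEX32.fullmatch(values[0]):
            findings.append(f"{key}: value is not a 32-character hex hash")
    return findings

# Constructed samples: user name, proxy host, password and hashes are all made up.
SAMPLE_BAD = """\
Username    jdoe
Password    Example-Passw0rd
Proxy       <HTTPPROXYNAME>:<PORT>
"""
SAMPLE_GOOD = """\
Username    jdoe
# Password  Example-Passw0rd
Proxy       proxy.example.internal:8080
PassLM          00112233445566778899AABBCCDDEEFF
PassNT          FFEEDDCCBBAA99887766554433221100
PassNTLMv2      0123456789ABCDEF0123456789ABCDEF    # Only for user 'jdoe', domain ''
"""
if __name__ == "__main__":
    print(audit_cntlm_ini(SAMPLE_BAD), audit_cntlm_ini(SAMPLE_GOOD))
```

The stored hashes can be used in place of the password for NTLM authentication, so cntlm.ini should remain writable and readable only by administrators, as the "run your text editor as administrator" step already implies.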

Starting/Stopping CNTLM Manually

  1. To start or stop CNTLM manually, open a command prompt as an Administrator
  2. To stop CNTLM type:
    1. net stop cntlm
  3. To start CNTLM type:
    1. net start cntlm

Further info

Cntlm technical manual
