Sometimes you will find your server sitting behind a proxy that was designed for human traffic rather than server traffic, and so requires authentication.
Although the NTLM protocol is grossly insecure, it still seems to be used in a lot of proxies. To get your server to download updates you will need to make it play nicely with this authentication, because a lot of software does not support the NTLM protocol.
CNTLM solves this issue by adding another proxy layer in front of your software which does not require authentication.
You can download it from here: http://cntlm.sourceforge.net/
We are installing this on CentOS, so we need the RPM. For Ubuntu get the DEB file. Alternatively, download the source code and compile it.
So on CentOS run:
rpm -i cntlm-0.92.3-1.x86_64.rpm
On Ubuntu run:
dpkg -i cntlm_0.92.3_amd64.deb
Once installed, edit the configuration file /etc/cntlm.conf.
Set the username to your domain username and set the domain:
Username proxyaccess
Domain contorso.com
Remove any passwords. Set the port you want it to listen on (the default is 3128) and set the proxy server you want to go through:
Listen 3128
Proxy 10.0.0.1:8080
All we need to do now is create the password hash:
cntlm -H -M http://10.0.0.1:8080 -c /etc/cntlm.conf
-H means create a hash, -M specifies the proxy server and -c specifies the config file to use.
You will be asked for your password. Type it and a hash will be created, like below:
----------------------------[ Profile 1 ]------
Auth NTLM
PassNT 44345CE5DA10BCDF46CB34BAB4B5EEF6
PassLM BA46510ADEFAE56345ACC34156ADEE36
------------------------------------------------
Copy all of this output and paste it into your configuration file. Now all you need to do is start cntlm:
cntlm -c /etc/cntlm.conf
If you get “Exiting with Error check the Logs”, have a look in the logs.
If you see this entry:
cntlm: Cannot bind port 3128: Address already in use!
then CNTLM is already running. Find the process and kill it by running:
ps aux | grep cntlm
kill -9 PROCESSID
Where PROCESSID is the ID of the process you want to kill.
Now try and run CNTLM again and you should be done.
All you have to do now is point your programs to http://127.0.0.1:3128. For example, for yum edit /etc/yum.conf and add:
proxy = http://127.0.0.1:3128
Now YUM should work. Don't forget to have a look in /var/log/messages or /var/log/syslog for any errors.
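The configuration steps above leave PassNT/PassLM hashes in /etc/cntlm.conf, and for NTLM those hashes work in place of the password, so the finished file is worth checking. The script below is an added example, not part of the original article or of cntlm; the function name audit_cntlm_conf and the sample Password value are made up here, and it also looks at the cntlm directives Gateway, Allow and Deny, which this page does not otherwise use.

```shell
#!/bin/sh
# Added example: audit a cntlm config for the settings this page touches.
# Prints one line per finding and returns the number of findings.
audit_cntlm_conf() {
    conf=$1
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # 1. "Remove any passwords": no plaintext Password directive may remain.
    if grep -Eiq '^[[:space:]]*Password[[:space:]]+[^[:space:]]' "$conf"; then
        note "plaintext Password directive present"
    fi
    # 2. At least one hash from 'cntlm -H' must have been pasted in.
    if ! grep -Eiq '^[[:space:]]*Pass(NT|LM|NTLMv2)[[:space:]]+[0-9A-F]{32}' "$conf"; then
        note "no PassNT/PassLM/PassNTLMv2 hash found"
    fi
    # 3. 'Gateway yes' listens on all interfaces; without ACLs any host on
    #    the network can use the proxy with this account's credentials.
    if grep -Eiq '^[[:space:]]*Gateway[[:space:]]+yes' "$conf" &&
       ! grep -Eiq '^[[:space:]]*(Allow|Deny)[[:space:]]' "$conf"; then
        note "Gateway yes without Allow/Deny rules"
    fi
    # 4. The file holds password-equivalent hashes: owner-only access.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case $mode in
        *00) ;;
        *) note "mode $mode lets group/other read the hashes; chmod 600" ;;
    esac
    return "$findings"
}

# Constructed sample: the page's settings plus two mistakes (a leftover
# Password line and Gateway yes with no ACL). The hashes are the page's samples.
demo=$(mktemp)
cat > "$demo" <<'EOF'
Username proxyaccess
Domain contorso.com
Password example-not-real
Listen 3128
Gateway yes
Proxy 10.0.0.1:8080
Auth NTLM
PassNT 44345CE5DA10BCDF46CB34BAB4B5EEF6
PassLM BA46510ADEFAE56345ACC34156ADEE36
EOF
chmod 644 "$demo"
audit_cntlm_conf "$demo" || echo "$? finding(s)"
rm -f "$demo"
```

Run it against the real file with audit_cntlm_conf /etc/cntlm.conf; a return status of 0 means none of the four checks fired.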