Sometimes you will find your server sitting behind a proxy that was designed for human traffic rather than server traffic, and which therefore requires authentication.

Although the NTLM protocol is grossly insecure, it still seems to be used in a lot of proxies. To get your server to download updates you will need to make your server play nice with this authentication, as a lot of software does not support the NTLM protocol.

CNTLM solves this issue by adding another proxy layer in front of your software. This layer does not require authentication and handles the NTLM exchange with the upstream proxy for you.

You can download it from here: http://cntlm.sourceforge.net/

We are installing this on CentOS so we need the RPM. For Ubuntu get the DEB file. Alternatively, download the source code and compile it.

So on CentOS run:

rpm -i cntlm-0.92.3-1.x86_64.rpm

On Ubuntu run:

dpkg -i cntlm_0.92.3_amd64.deb

Once installed, edit the configuration file /etc/cntlm.conf.

Set the username to your domain username and set the domain:

Username proxyaccess

Domain contorso.com

Remove any passwords. Set the port you want it to listen on (the default is 3128) and set the proxy server you want to go through:

Listen 3128

Proxy 10.0.0.1:8080

All we need to do now is create the password hash:

cntlm -H -M http://10.0.0.1:8080 -c /etc/cntlm.conf

-H means create a hash, -M specifies the proxy server and -c specifies the config file to use.

You will be asked for your password. Type it and a hash will be created like below:

----------------------------[ Profile 1 ]------

Auth NTLM

PassNT 44345CE5DA10BCDF46CB34BAB4B5EEF6

PassLM BA46510ADEFAE56345ACC34156ADEE36

------------------------------------------------

Copy all of this output and paste it into your configuration file. Now all you need to do is start cntlm:

cntlm -c /etc/cntlm.conf

If you get “Exiting with Error check the Logs”, have a look in the logs.

If you see this entry:

cntlm: Cannot bind port 3128: Address already in use!

CNTLM is already running. Have a look by running:

ps aux | grep cntlm
kill -9 PROCESSID

Where PROCESSID is the ID of the process you want to kill.

Now try and run CNTLM again and you should be done.

All you have to do now is point your programs to http://127.0.0.1:3128. For example, for yum, edit /etc/yum.conf and add:

Now YUM should work. Don't forget to have a look in /var/log/messages or /var/log/syslog for any errors.
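
The settings above leave two things in /etc/cntlm.conf worth checking before you rely on it: the PassNT/PassLM hashes work in place of the password, and the local listener asks its clients for no credentials. The script below is an added example, not part of the original guide or of CNTLM itself; the function names are made up here, and the Gateway directive, the address form of Listen and PassNTLMv2 are cntlm.conf options that this page does not show.

```shell
#!/bin/sh
# Added example: audit a cntlm.conf built as in this guide.
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.

# Value of the first active (uncommented) line in file $1 whose first word is $2.
directive() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

audit_cntlm_conf() {
    conf=$1 bad=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    flag() { echo "$1"; bad=1; }

    # The guide's required settings must all be present.
    for key in Username Domain Proxy Listen; do
        [ -n "$(directive "$conf" "$key")" ] || flag "missing $key"
    done

    # "Remove any passwords": only the generated hashes belong in the file.
    [ -z "$(directive "$conf" Password)" ] || flag "plaintext Password present"
    grep -Eq '^[[:space:]]*Pass(NT|LM|NTLMv2)[[:space:]]' "$conf" ||
        flag "no PassNT/PassLM/PassNTLMv2 hash present"

    # The hashes stand in for the password, so only the owner should read them.
    [ "$(ls -ld "$conf" | cut -c5-10)" = "------" ] ||
        flag "config readable or writable by group/others"

    # cntlm asks its own clients for no credentials: keep it on loopback.
    [ "$(directive "$conf" Gateway)" != yes ] || flag "Gateway yes exposes the proxy"
    listen=$(directive "$conf" Listen)
    case $listen in
        *:*) case ${listen%:*} in
                 127.*|localhost) ;;
                 *) flag "Listen bound to non-loopback address ${listen%:*}" ;;
             esac ;;
    esac
    return "$bad"
}

# Constructed sample: the guide's values plus two deliberate mistakes.
demo=$(mktemp)
printf '%s\n' 'Username proxyaccess' 'Domain contorso.com' 'Password hunter2' \
    'Proxy 10.0.0.1:8080' 'Listen 3128' 'Gateway yes' \
    'PassNT 44345CE5DA10BCDF46CB34BAB4B5EEF6' > "$demo"
audit_cntlm_conf "$demo" || true
rm -f "$demo"
```

To check the real file, call audit_cntlm_conf /etc/cntlm.conf; running chmod 600 /etc/cntlm.conf clears the permissions finding.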