cntlm: Proxy returning invalid challenge

Amedee Van Gasse (ub) amedee-ubuntu at amedee.be
Tue Oct 12 14:04:46 UTC 2010


On Tue, October 12, 2010 12:27, Knight wrote:
> On Tue, 2010-10-12 at 11:55 +0200, Amedee Van Gasse (ub) wrote:
>> On Mon, October 11, 2010 20:44, Amedee Van Gasse (ub) wrote:
>> > I'm taking evening classes Java. The internet connection is protected
>> with
>> > an ISA server. We got the proxy server, port, login and password from
>> the
>> > teacher.
>> > My fellow students all have Windows on their laptop and have no
>> problem to
>> > get online with their browser.
>> >
>> > For me it doesn't work because it appears that ISA requires NTLM
>> > authentication. I installed and configured cntlm but it still doesn't
>> > work.
>> >
>> > This is my /etc/cntlm.conf (comments stripped):
>> >
>> >
>> > Username	username
>> > Password	password
>> > Proxy		192.168.5.253:8080
>> > NoProxy		localhost, 127.0.0.*, 10.*, 192.168.*
>> > Listen		3128
>> >
> <snipped>
>>
>> FYI.
>> At school I have a time window of 4 hours/week to debug this issue.
>> But at work we also have ISA, and there I see the same cntlm problem.
>> That
>> gives me a time window of 40 hours/week to troubleshoot.
>>
>> At work the proxy address, username and password are of course
>> different,
>> and this time I also have a domain. Still no connection, still Proxy
>> Authentication Required.
>>
>> I know that the proxy, user, domain, password are correct because it
>> works
>> if I fill them in directly in the network settings of Synaptic or
>> Firefox.
>>
>> I use version 0.91~rc6-0ubuntu1.
>>
>> --
>> Amedee
>>
>>
>
> Hi Amedee,
>
> A quick search brought me to this possible solution:
> http://ubuntuforums.org/showthread.php?t=1396749&highlight=cntlm
>
> The last post brings a possible reason and solution.
> (http://ubuntuforums.org/showpost.php?p=8944993&postcount=6)
>
> The versions of cntlm are not the same but because of the error 407,
> mentioned on the forum and in your output, could it be that you need to
> set the HTTPAUTH parameter to 1 in your config file?
>
> <quote>
> I have modified CNTLM v0.35.1 to do exactly that without impacting the
> existing functionality. i.e. I have added support to BASIC HTTP
> Authentication and it works like a charm. There is a new parameter
> HTTPAUTH added in the cntlm.conf file which needs to be set to 1. The
> default value is 0. If the new parameter is not set to 1 then the first
> GET request will be authenticated but subsequent GETs using the same
> connection will fail and will lead to a lot of traffic between the
> client and the proxy.
> </quote>
>
> Hope this is a match and solves the problem.

Hello Knight,

I think that this does not apply to me, at least not at work. That topic
is about HTTP/1.0, and I get this in my output:

HEAD: HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy filter is
denied.  )

Anyway I will ask on the Sourceforge page. But don't let that hold you back.

-- 
Amedee





More information about the ubuntu-users mailing list