cntlm: Proxy returning invalid challenge
Amedee Van Gasse (ub)
amedee-ubuntu at amedee.be
Tue Oct 12 14:04:46 UTC 2010
On Tue, October 12, 2010 12:27, Knight wrote:
> On Tue, 2010-10-12 at 11:55 +0200, Amedee Van Gasse (ub) wrote:
>> On Mon, October 11, 2010 20:44, Amedee Van Gasse (ub) wrote:
>> > I'm taking evening classes Java. The internet connection is protected
>> > an ISA server. We got the proxy server, port, login and password from
>> > teacher.
>> > My fellow students all have Windows on their laptop and have no
>> problem to
>> > get online with their browser.
>> > For me it doesn't work because it appears that ISA requires NTLM
>> > authentication. I installed and configured cntlm but it still doesn't
>> > work.
>> > This is my /etc/cntlm.conf (comments stripped):
>> > Username username
>> > Password password
>> > Proxy 192.168.5.253:8080
>> > NoProxy localhost, 127.0.0.*, 10.*, 192.168.*
>> > Listen 3128
>> At school I have a time window of 4 hours/week to debug this issue.
>> But at work we also have ISA, and there I see the same cntlm problem.
>> gives me a time window of 40 hours/week to troubleshoot.
>> At work the proxy address, username and password are of course
>> and this time I also have a domain. Still no connection, still Proxy
>> Authentication Required.
>> I know that the proxy, user, domain, password are correct because it
>> if I fill them in directly in the network settings of Synaptic or
>> I use version 0.91~rc6-0ubuntu1.
> Hi Amedee,
> A quick search brought me to this possible solution:
> The last post brings a possible reason and solution.
> The versions of cntlm are not the same but because of the error 407,
> mentioned on the forum and in your output, could it be that you need to
> set the HTTPAUTH parameter to 1 in your config file?
> I have modified CNTLM v0.35.1 to do exactly that without impacting the
> existing functionality. i.e. I have added support to BASIC HTTP
> Authentication and it works like a charm. There is a new parameter
> HTTPAUTH added in the cntlm.conf file which needs to be set to 1. The
> default value is 0. If the new parameter is not set to 1 then the first
> GET request will be authenticated but subsequent GETs using the same
> connection will fail and will lead to a lot of traffic between the
> client and the proxy.
> Hope this is a match and solves the problem.
I think that this does not apply to me, at least not at work. That topic
is about HTTP/1.0, and I get this in my output:
HEAD: HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy filter is
Anyway I will ask on the Sourceforge page. But don't let that hold you back.
More information about the ubuntu-users