cntlm: Proxy returning invalid challenge

sktsee sktsee at
Mon Oct 18 14:49:00 UTC 2010

On Sun, 17 Oct 2010 23:20:58 +0200, Amedee Van Gasse wrote:

> Op 13-10-10 22:42, Amedee Van Gasse schreef:
>> Op 12-10-10 16:04, Amedee Van Gasse (ub) schreef:
>>> Anyway I will ask on the Sourceforge page. But don't let that hold you
>>> back.
>> FYI: still no answer on the Sourceforge page. The last activity of the
>> developer was on 2010-08-12 14:05:19 UTC.
>> Any suggestions for other places where I may get some help? Because my
>> question is possibly too difficult or too obscure for a general support
>> list.
> *bump*
> The average response time of the cntlm developer is 5 months, 11 days,
> 18 hours 6 minutes 12 seconds so I really hope that the ubuntu-users
> list can be just a little bit faster. Help? Please? Anyone?

1. Fire up wireshark and capture the auth negotiation between your 
machine and the ISA server. Wireshark has expert analysis for a lot of 
differnent protocols, so maybe it will provide a clue as to why the auth 
is failing.

2. Try ntlmaps. The package description for ntlmaps says that it can 
alter the client's request headers to make it appear to the server that 
the connectign client is MS IE. Presumably, it's talking about faking the 
user-agent string of your browser. IIRC, the debug output listed in one 
of your previous messages contained a line identifying an unaltered 
Firefox/Ubuntu user-agent string being sent to the ISA server. I know 
nothing about ISA servers, but if ntlmaps has client impersonation as a 
feature, then maybe its a requirement for NTLM auth. Alternately, if you 
are really set on making cntlm work, but it doesn't have the ability to 
modify the client headers to look like MS IE, then install the User-agent 
Switcher, or Modify Headers addon to do it from the browser.

3. Dates of recently posted messages 
indicate active participation. I can't speak to forum members' expertise 
and attitude towards Linux users, though.

4. Speak with the ISA system administrator and have her/him look at the 
server logs to identify the problem? I know, I know... it seems almost 
blasphemous to the spirit of Linux DIY troubleshooting to suggest such an 
action, which is why I list it only as a last resort.

That's all I got. Good luck.


More information about the ubuntu-users mailing list