cntlm: Proxy returning invalid challenge
sktsee at tulsaconnect.com
Mon Oct 18 14:49:00 UTC 2010
On Sun, 17 Oct 2010 23:20:58 +0200, Amedee Van Gasse wrote:
> Op 13-10-10 22:42, Amedee Van Gasse schreef:
>> Op 12-10-10 16:04, Amedee Van Gasse (ub) schreef:
>>> Anyway I will ask on the Sourceforge page. But don't let that hold you
>> FYI: still no answer on the Sourceforge page. The last activity of the
>> developer was on 2010-08-12 14:05:19 UTC.
>> Any suggestions for other places where I may get some help? Because my
>> question is possibly too difficult or too obscure for a general support
> The average response time of the cntlm developer is 5 months, 11 days,
> 18 hours 6 minutes 12 seconds so I really hope that the ubuntu-users
> list can be just a little bit faster. Help? Please? Anyone?
1. Fire up wireshark and capture the auth negotiation between your
machine and the ISA server. Wireshark has expert analysis for a lot of
differnent protocols, so maybe it will provide a clue as to why the auth
2. Try ntlmaps. The package description for ntlmaps says that it can
alter the client's request headers to make it appear to the server that
the connectign client is MS IE. Presumably, it's talking about faking the
user-agent string of your browser. IIRC, the debug output listed in one
of your previous messages contained a line identifying an unaltered
Firefox/Ubuntu user-agent string being sent to the ISA server. I know
nothing about ISA servers, but if ntlmaps has client impersonation as a
feature, then maybe its a requirement for NTLM auth. Alternately, if you
are really set on making cntlm work, but it doesn't have the ability to
modify the client headers to look like MS IE, then install the User-agent
Switcher, or Modify Headers addon to do it from the browser.
3. http://forums.isaserver.org/ Dates of recently posted messages
indicate active participation. I can't speak to forum members' expertise
and attitude towards Linux users, though.
4. Speak with the ISA system administrator and have her/him look at the
server logs to identify the problem? I know, I know... it seems almost
blasphemous to the spirit of Linux DIY troubleshooting to suggest such an
action, which is why I list it only as a last resort.
That's all I got. Good luck.
More information about the ubuntu-users