cntlm: Proxy returning invalid challenge
Amedee Van Gasse (ub)
amedee-ubuntu at amedee.be
Tue Oct 12 09:55:31 UTC 2010
On Mon, October 11, 2010 20:44, Amedee Van Gasse (ub) wrote:
> I'm taking evening classes Java. The internet connection is protected with
> an ISA server. We got the proxy server, port, login and password from the
> teacher.
> My fellow students all have Windows on their laptop and have no problem to
> get online with their browser.
>
> For me it doesn't work because it appears that ISA requires NTLM
> authentication. I installed and configured cntlm but it still doesn't
> work.
>
> This is my /etc/cntlm.conf (comments stripped):
>
>
> Username username
> Password password
> Proxy 192.168.5.253:8080
> NoProxy localhost, 127.0.0.*, 10.*, 192.168.*
> Listen 3128
>
>
>
> When I run 'sudo /usr/sbin/cntlm -v', I get the following output:
>
>
> section: global, Username = 'username'
> section: global, Password = 'password'
> section: global, Proxy = '192.168.5.253:8080'
> section: global, NoProxy = 'localhost, 127.0.0.*, 10.*, 192.168.*'
> section: global, Listen = '3128'
> Default config file opened successfully
> cntlm: Proxy listening on 127.0.0.1:3128
> cntlm: Resolving proxy 192.168.5.253...
> Adding no-proxy for: 'localhost'
> Adding no-proxy for: '127.0.0.*'
> Adding no-proxy for: '10.*'
> Adding no-proxy for: '192.168.*'
> cntlm: Workstation name used: deagol
> cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)
> cntlm[2685]: Cntlm ready, staying in the foreground
>
> ******* Round 1 C: 5 *******
> Reading headers (5)...
> HEAD: GET http://leerstad.be/ HTTP/1.1
> NO: leerstad.be (localhost)
> NO: leerstad.be (127.0.0.*)
> NO: leerstad.be (10.*)
> NO: leerstad.be (192.168.*)
> Thread processing...
> Host => leerstad.be
> User-Agent => Mozilla/5.0 (X11; U; Linux i686; nl;
> rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10
> Accept =>
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language => nl,en-us;q=0.7,en;q=0.3
> Accept-Encoding => gzip,deflate
> Accept-Charset => ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive => 115
> Proxy-Connection => keep-alive
> Cache-Control => max-age=0
> cntlm[2343]: 127.0.0.1 GET http://leerstad.be/
> NTLM Request:
> Domain:
> Hostname: deagol
> Flags: 0xA208B205
>
> Sending PROXY auth request...
> Host => leerstad.be
> User-Agent => Mozilla/5.0 (X11; U; Linux i686; nl;
> rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10
> Accept =>
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language => nl,en-us;q=0.7,en;q=0.3
> Accept-Encoding => gzip,deflate
> Accept-Charset => ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive => 115
> Proxy-Connection => keep-alive
> Cache-Control => max-age=0
> Proxy-Authorization => NTLM
> TlRMTVNTUAABAAAABbIIogAAAAAmAAAABgAGACAAAABERUFHT0w=
> Content-Length => 0
>
> Reading PROXY auth response...
> HEAD: HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
> authorization to fulfill the request. Access to the Web Proxy filter is
> denied. )
> Via => 1.1 SERV-PROXY
> Proxy-Authenticate => Negotiate
> Proxy-Authenticate => Kerberos
> Proxy-Authenticate => NTLM
> Connection => close
> Proxy-Connection => close
> Pragma => no-cache
> Cache-Control => no-cache
> Content-Type => text/html
> Content-Length => 4118
> Discarding 4118 bytes.
> cntlm[2343]: Proxy returning invalid challenge!
> Sending headers (6)...
> Host => leerstad.be
> User-Agent => Mozilla/5.0 (X11; U; Linux i686; nl;
> rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10
> Accept =>
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language => nl,en-us;q=0.7,en;q=0.3
> Accept-Encoding => gzip,deflate
> Accept-Charset => ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive => 115
> Proxy-Connection => keep-alive
> Cache-Control => max-age=0
> headers_send: fd 6 warning -999 (connection closed)
> forward_request: palive=0, authok=0, ntlm=0, closed=1
>
> Thread finished.
> proxy_thread: request rc = ffffffff
> Joining thread 3079035760; rc: 0
>
>
>
> Username is correct, password is correct, proxy server is correct, domain
> is not needed. What else did I get wrong?
FYI.
At school I have a time window of 4 hours/week to debug this issue.
But at work we also have ISA, and there I see the same cntlm problem. That
gives me a time window of 40 hours/week to troubleshoot.
At work the proxy address, username and password are of course different,
and this time I also have a domain. Still no connection, still Proxy
Authentication Required.
I know that the proxy, user, domain, password are correct because it works
if I fill them in directly in the network settings of Synaptic or Firefox.
I use version 0.91~rc6-0ubuntu1.
--
Amedee
More information about the ubuntu-users
mailing list