Recently I was using an application which needs internet connection. In my network internet connection is behind proxy and the proxy needs NTLM authentication.

I can set basic authentication for the proxy in my application but there is no way to provide NTLM authentication credential. There are lots of program which behaves like this. A very common example is GIT.

In those cases CNTLM help. It works as local proxy system. You can set NTLM authentication inside CNTLM. So you can reach to internet via it. For more information visit Official CNTLM website.

Now how to configure CNTLM?

Download and install CNTLM. After  installation we need to configure it. I installed in in Windows so let me tell configuration For Windows only. The configuration file is C:Program Files (x86)Cntlmcntlm.ini

Lets start play with the configuration.

First we need to set the NTLM credential which is used for the internet proxy. It is not a good idea to put password in plaintext inside the configuration file so we can encrypt it. CNTLM tool has its own option for the encryption.

Open command prompt. Enter command

cntlm -H -d <domainname> -u <username>

CntlmHashGeneration

It will generate NTML hash. Now switch to cntlm.ini. Paste your id and hash.

CNTLMCredential

Now set the proxy of your internet which is required the NTLM authentication. e.g. 149.195.250.35:80.

CNTLMProxy

Now we need to configure listener. Generally CNTLM listens in 127.0.0.1 ip in the port 3128

CNTLMListener

You can configure it as you like. It is also possible to listen in multiple ip:port.

Listen          127.0.0.1:3128
Listen          10.0.0.1:3128

Once the configuration is done, save the file and start CNTLM Proxy

Start -> All Programs -> cntlm -> Start Cntlm Authentication Proxy

CNTLMStartProxy

You can test it in browser to check if it works . Open IE (or your favourite browser) change the proxy. For IE Tools -> Internet Options -> Connections -> Lan Settings -> Proxy server

CNTLMProxySetInBrowser

Set CNTLM Proxy ip and port.

Try to open Google (this is the most common site to check if browser has internet connection). Some time google loads from cache, better open any other site which you open rarely (e.g bing.com 😉 ). If your site opens then it works well.

Now you can set the proxy in your application which requires internet connection. If it takes system proxy then its enough to configure in IE internet settings.

Enjoy 🙂

One thought on “CNTLM – Proxy for NTLM authentication

  1. badhiya hai 🙂
    lucky to have senior like you.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.