The right way to configure Linux to make use of NTLM with CNTLM

Discover ways to authenticate your Linux servers and desktops on an MS NTLM proxy server.

Image: Jack Wallen

In the event you work in an organization that makes use of a Microsoft NTLM Proxy Server and also you additionally wish to use Linux, chances are you’ll not be capable to join. Why? Certainly, Linux doesn’t have the means to attach with the NTLM protocol. Thankfully, there may be a simple approach to work round this downside.

With the assistance of CNTLM, your Linux machine (whether or not it’s a server or a workstation) can set up the reference to the MS proxy server. The set up and configuration of CNTLM are literally fairly easy.

SEE: Selecting Your Home windows 7 Exit Technique: 4 Choices (Tech Professional Analysis)

Make it possible for this occurs.

What do you want

The one belongings you want are a Linux machine (I'll present it on Ubuntu Server 18.04), a consumer account with sudo privileges, and a Home windows consumer account that may authenticate to the proxy server.

With all these items in place, it's time to work.

Putting in CNTLM

Prior to installing CNTLM, it’s best to replace and improve your laptop. Remember that if the kernel had been to be upgraded, you’ll most likely must reboot. Due to this, run the replace / improve course of at a time when a reboot is feasible. To replace and improve, open a terminal window and run the next instructions:

sudo apt-get replace
sudo apt-get improve -y

After the improve is full, reboot (if vital) and set up CNTLM with the next command:

sudo apt-get set up cntlm -y

CNTLM configuration

Earlier than opening the configuration file, it’s best to hash your consumer password (for safety causes) as a substitute of getting into it and saving it straight into the file. To do that, run the command:

sudo cntlm -H -d DOMAIN -u USER

The place DOMAIN is the area to make use of and USER is the Home windows consumer.

The command above will show the hashed passwords for PassLM, PassNT, and PssNTLMv2 (Determine a).

Determine A: Our hashed passwords.

Copy these hashed passwords (you’ll use one within the configuration file).

The configuration of CNTLM is completed in a single file. Situation the command:

sudo nano /and many others/cntlm.conf

On this file you will see 4 strains that should be configured:

MS_USERNAME consumer title
Discipline DOMAIN
Proxy IP: PORT
Password password


MS_USERNAME is your present Home windows consumer title. DOMAIN is your Home windows.IP area is the IP tackle of the MS proxy server to which you wish to join .PORT is the port utilized by the MS proxy server (most likely 8080) .PASSWORD is the hashed password that you’ve created to your Home windows consumer.

If in case you have multiple proxy server in your community, you’ll be able to set every with the Proxy entry (one per line) as follows: Proxy Proxy

When you might have accomplished your configurations, save and shut the file.

Restart CNTLM with the command:

sudo systemctl restart cntlm

At this level, your laptop is now ready to connect with the MS NTLM proxy server. You’ll then have to configure functions or providers to connect with the proxy assist. If you don’t want to configure the functions, separately, you’ll be able to do this.

Situation the command:

nano ~ / .bashrc

Paste the next on the backside of this file:

export http_proxy = http: // 3128
export https_proxy = https: // 3128
export ftp_proxy = http: // 3128

Save and shut this file. Lastly, run the command:

. ~ / .bashrc

That's all. So long as your MS proxy server is configured accurately and you’ve got used the right addresses and credentials, all the pieces ought to work now.

Congratulations, this Linux machine is lastly linked to your MS NTLM proxy server. Now you can return to work.

Open Supply Weekly Information Letter

You’ll not wish to miss our suggestions, tutorials and feedback on the Linux working system and open supply functions.
Delivered on Tuesday

Enroll right this moment

Enroll right this moment

Look additionally

Leave a Reply

Your email address will not be published. Required fields are marked *