Proxy auth using Basic with user ‘xyz\myname’
> GET NOVELL Worldwide HTTP/1.1
> Proxy-Authorization: Basic Y2RhY25vaWRhXFxzaWRkaGFydGhzcml2YXN0YXZhOnNyaUAjJA==
> User-Agent: curl/7.21.2 (i686-pc-linux-gnu) libcurl/7.21.2 OpenSSL/1.0.0c zlib/1.2.5 libidn/1.15 libssh2/1.2.7
> Host: NOVELL Worldwide
> Accept: */*
> Proxy-Connection: Keep-Alive
< HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
< Via: 1.1 PR
You must start cntlm
and write your hashed pwd into the described /etc/cntlm.conf
hide/hashes your pwd
Take a look at the documentation on Cntlm: Fast NTLM Authentication Proxy in C
Maybe there is a tutorial somewhere on the web, but I cannot search for one for you. No time … sorry
Just a FYI -
I see you’re using Microsoft ISA as your proxy server. That poses unique issues because Microsoft ISA best performs when integrated with Windows Domain Security (is that a surprise?). As you note, Windows Domain security can inspect by Hostname and Username/Password.
I am guessing a bit, but I can’t remember that ISA supports BASIC authentication; IIRC you must encrypt with NTLM if you’re passing username/password.
There are a number of ways to configure access:
Join your openSUSE to the Windows Domain, then your credentials should be automatically encrypted with NTLM
You can configure authentication based on the Host IP address, that bypasses the Windows Domain credentials requirement. Of course, this is a bit less secure because anyone on your network can also masquerade as this address to gain the same firewall privileges.
You can configure HTTP “pass through.” That’s not very advisable; your ISA SysAdmin should know how to do that if you ultimately decide to do that.
I do not recommend trying to configure any other way of passing NTLM credentials. I wouldn’t advise leaving NTLM hashes lying around your network; they should only be stored in the Domain Controllers and SAM databases.
I was able to get cntlm working. But the problem is that it works only if I supply my password as it is in the cntlm.cfg.
If I replace the password with the hash produced by -H, the proxy again stops working.
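For reference, an added example (not from any poster in this thread) of how a cntlm.conf looks when it carries hashes instead of a cleartext password, following the cntlm setup described above. The proxy host, port and hash values are placeholders; the user and domain are the ones shown in the curl output.

```ini
# /etc/cntlm.conf (constructed example; every value below is a placeholder)

Username    myname
Domain      xyz

# Parent proxy (the ISA server); placeholder host and port
Proxy       proxy.example.internal:8080

# Local port that curl, zypper, etc. are pointed at
Listen      3128

# Weak form: the cleartext password sits in the file.
# Password  <cleartext password>

# Hashed form: remove the Password line and paste the lines printed by
#   cntlm -H -u myname -d xyz
# with their own key names (PassLM, PassNT, PassNTLMv2). A hash placed
# after the "Password" key is treated as a literal password.
# The PassNTLMv2 value is derived from the user and domain as well as the
# password, so it must be regenerated if Username or Domain changes.
Auth        NTLMv2
PassNTLMv2  <32 hex digits printed by cntlm -H>

# If the proxy does not accept NTLMv2, the other two hashes are used
# together with a different Auth setting:
# Auth      NTLM
# PassNT    <32 hex digits printed by cntlm -H>
# PassLM    <32 hex digits printed by cntlm -H>
```

These hashes are password-equivalent for NTLM authentication, so the file should be readable only by root and the account cntlm runs as.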