Using Ubuntu With an Internet Proxy Requiring Authentication

When using an internet proxy server that requires authentication there are a few different sections of Ubuntu that need configuring, all the following was tested and working in Ubuntu 11.10 Oneiric Ocelot. Most of the guides I found out there assume that the proxy is using basic authentication and that enabling internet access in the terminal is just a matter of adding the server address, along with the username and password to bash.rc, like this:

sudo gedit /etc/bash.bashrc

Add your proxy server details in the following format to the end of bash.rc

export http_proxy=http://username:password@proxyhost:port/
export ftp_proxy=http://username:password@proxyhost:port/

This won’t work if the proxy is using anything other than basic authentication though.

So if, like me, you have a proxy using NTLMv2 authentication it’s time to look elsewhere for a solution.

The application cntlm is the solution, it acts as a local proxy processing all the authentication requests from the various applications that are pointed at it.

To Install cntlm: Download the .deb file from here: http://www.ubuntuupdates.org/package/core/oneiric/universe/base/cntlm

Next Edit cntlm’s Config File:

sudo gedit /etc/cntlm.conf

Put the proxy IP or URL and port, username and password, and cntlm listening port into the config file (I had to change the port as the default was already in use, 3110 worked for me):

Section to edit in cntlm.conf:

Username    ENTER PROXY USERNAME HERE
Domain        ENTER PROXY DOMAIN HERE
Password    ENTER PROXY PASSWORD HERE       # Use hashes instead (-H)
#Workstation    netbios_hostname    # Should be auto-guessed

Proxy        ENTER PROXY SERVER URL/IP:PORT HERE
#
# This is the port number where Cntlm will listen
#
Listen        3110

I then had to change the file permissions on the config file so the application could read it:

chmod og=rw /etc/cntlm.conf

Apply the proxy address of 127.0.0.1, port 3110 (or whichever port has been specified in the config file) to all protocols in System Setting > Network, and apply system wide.

Ubuntu - Network - Proxy Settings

To Get Internet Access in the Terminal, Edit the bashrc File: sudo gedit .bashrc

Add the following lines to the end of the file, so it points to cntlm’s port (change the port value of 3110 so it matches the port specified in the config file):

#Proxy
export http_proxy=http://127.0.0.1:3110
export https_proxy=http://127.0.0.1:3110
export ftp_proxy=http://127.0.0.1:3110

Restart Ubuntu (I needed to do this a couple of times for some reason) and everything should be good.

If apt-get update etc  are still not working, it’s possible to test the connection using:

cntlm -v -M http://www.google.co.uk