Large enterprises are notorious for their firewalls and proxies and what they allow their employees to access over the internet. Even developers have a hard time figuring out how to deal with the situation and spend hours together trying to fix the proxy issue.
Of course there are multiple ways to get Ubuntu working behind an enterprise proxy . But to reduce the amount of time you spend to carry out the operation, a very old yet effective solution is the best way forward.
You may have guessed it already, install a local proxy. Ubuntu repos come with a very effective tool/program/software/app whatever you may choose to call it. It’s called CNTLM and below are the steps to get it working. This setup has been tested on Ubuntu 14.04.4 LTS.
Why CNTLM?
Enterprise proxies which are mostly still dependent on Microsoft based technologies like Active Directory require authentication for many activities like downloading from git repos, Android repos, Ubuntu repos and sometimes also for accessing internet. This authentication is usually tied to your AD login. Using commands like Accquire::http_proxy and export require you to explicitly define your password in plain text files. This leaves your password exposed .
CNTML comes with a config file which enables encrypting that password and defining a hash
Pre-requisite: Remove all proxy information from every place that you may have added. eg /etc/apt, /etc/environment, .bashrc , etc
Steps to Install
Available in repository
sudo apt-get install cntlm
Configure CNTLM
Once installed edit the configuration file:
sudo vim /etc/cntlm.conf
Set username, domain, remote proxy, and address with port which local proxy will listen to.
Username testuser
Domain yourorgdomain
Proxy your.org.proxy.ip/dns:8080
Listen 3128
Generate password hash
sudo cntlm -H your.org.proxy.ip/dns:8080
You will see something like this:
Password:
PassLM 7F4BB72132BAA2A01FA94BD623A70D3B
PassNT 2C27BB146F74625D159413FC1F30745F
PassNTLMv2 D3972609581D8260868ED588303F0FF0 # Only for user 'testuser', domain ‘ yourorgdomain’
Copy these lines to /etc/cntlm.conf
Configure Ubuntu to use the CNTLM proxy
Add these lines to configure system to use the local proxy as shown in the screenshot below. You can reach this place via System Settings ->Network either via dash or the power menu on the top panel.
Note: If you use KDE(Kubuntu), you will find similar settings in the KDE control panel
Restart CNTLM
Restart the service to load the new settings.
sudo invoke-rc.d cntlm restart
Logs
You can check the logs at /var/log/syslog
Setting Git/Android repos?
git config --global http.proxy http://127.0.0.1:3128
Leave a Reply