proxy

Make Ubuntu work behind an enterprise proxy

Large enterprises are notorious for their firewalls and proxies and what they allow their employees to access over the internet. Even developers have a hard time figuring out how to deal with the situation and spend hours together trying to fix the proxy issue.

Of course there are multiple ways to get Ubuntu working behind an enterprise proxy . But to reduce the amount of time  you spend to carry out the operation, a very old yet effective solution is the best way forward.

You may have guessed it already, install a local proxy.  Ubuntu repos come with a very effective tool/program/software/app whatever you may choose to call it. It’s called CNTLM and below are the steps to get it working. This setup has been tested on Ubuntu 14.04.4 LTS.

Why CNTLM?

Enterprise proxies which are mostly still dependent on Microsoft based technologies like Active Directory require authentication for many activities like downloading from git repos, Android repos, Ubuntu repos and sometimes also for accessing internet. This authentication is usually tied to your AD login. Using commands like Accquire::http_proxy and export require you to explicitly define your password in plain text files. This leaves your password exposed .

CNTML comes with a config file which enables encrypting that password and defining a hash

Pre-requisite: Remove all proxy information from every place that you may have added. eg /etc/apt, /etc/environment, .bashrc , etc

Steps to Install

Available in repository

sudo apt-get install cntlm

Configure CNTLM

Once installed edit the configuration file:

sudo vim /etc/cntlm.conf

Set username, domain, remote proxy, and address with port which local proxy will listen to.

Username       testuser
Domain         yourorgdomain
Proxy          your.org.proxy.ip/dns:8080
Listen         3128

Generate password hash

sudo cntlm -H your.org.proxy.ip/dns:8080

You will see something like this:

Password:
PassLM          7F4BB72132BAA2A01FA94BD623A70D3B
PassNT          2C27BB146F74625D159413FC1F30745F
PassNTLMv2      D3972609581D8260868ED588303F0FF0    # Only for user 'testuser', domain ‘ yourorgdomain’

Copy these lines to /etc/cntlm.conf

Configure Ubuntu to use the CNTLM proxy

Add these lines to configure system to use the local proxy as shown in the screenshot below. You can reach this place via System Settings ->Network either via dash or the power menu on the top panel.

CNTLM

Note: If you use KDE(Kubuntu), you will find similar settings in the KDE control panel

Restart CNTLM

Restart the service to load the new settings.

sudo invoke-rc.d cntlm restart

Logs

You can check the logs at /var/log/syslog

Setting Git/Android repos?

git config --global http.proxy http://127.0.0.1:3128

Leave a Reply

tuxtrixmod
Scroll to Top