13

I am using Ubuntu WSL on Windows 10. How to configure HTTP proxy with authentication on it?

αғsнιη
  • 35,660
Gaurav Agarwal
  • 131

2 Answers2

12

cntlm proxy for NTLM authentication

I am assuming your proxy requires a NTLM based user authentication, which will not work with the credentials specified in $HTTP_PROXY. A NTLM capable proxy this required for that: e.g. cntlm.

Install cntlm proxy

The default way of installing the proxy would be to use sudo apt-get install cntlm, but without any proxy this will obviously fail. You need to manually download the package cntlm_0.92.3-1ubuntu2_amd64.deb and copy it into your WSL instance.

Install the package with

$ sudo dpkg -i cntlm_0.92.3-1ubuntu2_amd64.deb

Configure cntlm proxy

The cntlm proxy requires proper NTLM-Proxy configuration in /etc/cntlm.conf:

# /etc/cntlm.con
Domain      Domain
Username    username
Proxy       1.2.3.4:5678
NoProxy     localhost, 127.0.0.*, 10.*, 192.168.*
Listen      3128

This is the minimal required configuration for cntlm. Test and verify cntlm with the following command:

$ cntlm -M http://www.google.com
cntlm: Starting cntlm version 0.92.3 for LITTLE endian

cntlm: Proxy listening on 127.0.0.1:3128


cntlm: Workstation name used: hostname


Password:

If the authentication is successful, generate hashes for the authentication by using the -H switch:

$ cntlm -H                   
cntlm: Starting cntlm version 0.92.3 for LITTLE endian

cntlm: Proxy listening on 127.0.0.1:3128


cntlm: Workstation name used: somehost


cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)


Password: 
PassLM          123456789ABCDEF123456789ABCDEF12
PassNT          123456789ABCDEF123456789ABCDEF12
PassNTLMv2      123456789ABCDEF123456789ABCDEF12    # Only for user 'username', domain 'Domain'
cntlm: Terminating with 0 active threads

Add the three hashes PassLM, PassNT and PassNTLMv2 to the cntlm configuration file /etc/cntlm.conf. Then activate the proxy via systemd:

$ sudo systemctl restart cntlm

Now the proxy should listen on your localhost at port 3128.

Configure proxy

Now you can configure the proxy as described in this post but use:

$ export http_proxy=http://localhost:3128/
$ export https_proxy=http://localhost:3128/
Simon Sudler
  • 3,931
  • 3
  • 21
  • 34
  • 2
    I'm using Ubuntu on WSL. You may need to do sudo chmod 644 /etc/cntlm.conf first before executing the cntlm -M https://www.google.com command. And use sudo service cntlm start to run the cntlm service. – aff Jan 17 '20 at 10:23
-1

From your bash shell: 

export http_proxy=http://[username]:[password]@[proxy-webaddress]:[port]

and possibly

export https_proxy=https://[username]:[password]@[proxy-webaddress]:[port]

Username and password are often Windows domain credentials. If the password contains any special characters, you may need to escape the special characters with a backslash to protect them from the shell. For example, if your Windows account is "gomer" with a password of "Pea$1rzz", and your proxy server is bluecoat.acme.com on port 8080, then you would say

export http_proxy=http://gomer:Pea\$1rzz@bluecoat.acme.com:8080
export https_proxy=https://gomer:Pea\$1rzz@bluecoat.acme.com:8080

echo $http_proxy
echo $https_proxy

should show the correct credentials. You'll need to do this for each shell. So, if you're wanting to do some work with apt, it may be more convenient to open a root shell

sudo bash

before setting your proxies.

user763861
  • 79
  • thank you for the answer, but you suggested the same things as in the https://askubuntu.com/q/23666/283843 I linked already. – αғsнιη Apr 14 '19 at 05:35