建设通和天眼查网站,手机在线图片编辑器,黄山旅游攻略及费用,简单的网站设计模板下载2019独角兽企业重金招聘Python工程师标准 对于那些使用NTLM进行身份验证的网络代理环境#xff08;即设置上除需要代理主机和端口之外还需要提供域用户和密码#xff09;来说#xff0c;通过代理上网是一件头痛的事情#xff0c;这主要是因为很多软件不支持N… 2019独角兽企业重金招聘Python工程师标准 对于那些使用NTLM进行身份验证的网络代理环境即设置上除需要代理主机和端口之外还需要提供域用户和密码来说通过代理上网是一件头痛的事情这主要是因为很多软件不支持NTLM验证的代理比如目前的GIT就不能支持NTLM验证即使在代理中指定了域帐号和密码在连接过程中依然报 Received HTTP code 407 from proxy after CONNECT 说明验证并未通过如果有这样一种工具能封装NTLM验证然后对外提供普通的HTTP代理服务那么第三方应用就可以通过配置普通的代理访问网络了这就是Cntlm (项目官网http://cntlm.sourceforge.net/所要解决的问题 由于Cntlm也有linux版本这意味着在linux系统上通过NTLM身份验证的网络代理也是可行的。本文原文出处: http://blog.csdn.net/bluishglc/article/details/37600773 严禁任何形式的转载否则将委托CSDN官方维护权益 配置 下载安装Cntlm之后只需要修改cntlm.ini文件提供身份认证必要的信息然后以服务的方式启动cntlm就可以了。在cntlm.ini中有如下几个重要的配置是可能需要修改的 Username - your domain/proxy account nameDomain - the actual domain nameWorkstation - NetBIOS name of your workstation; Cntlm tries to autodetect it, but you might want to set it explicitly should dialect detection fail (see below)Proxy - IP address (or ping-able hostname) of your proxy; if you use several alternative proxies or know of backup ones, use this option multiple times; if one stops working, Cntlm will move on to the nextListen - local port number which Cntlm should bind to; the default is OK, but remember you cant have more than one application per port; you can use netstat to list used up ports (lines with LISTEN) 其中Listen配置项是cntlm将在本地打开的作为普通代理的端口假如我的windows域是abc,帐号是laurence,密码是123代理服务器是192.168.0.180则cntlm.ini应该如下配置 #
# Cntlm Authentication Proxy Configuration
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#Username laurence
Domain abc
Password 123
# NOTE: Use plaintext password only at your own risk
# Use hashes instead. You can use a cntlm -M and cntlm -H
# command sequence to get the right config for your environment.
# See cntlm man page
# Example secure config shown below.
# PassLM 1AD35398BE6565DDB5C4EF70C0593492
# PassNT 77B9081511704EE852F94227CF48A793
### Only for user testuser, domain corp-uk
# PassNTLMv2 D5826E9C665C37C80B53397D5C07BBCB# Specify the netbios hostname cntlm will send to the parent
# proxies. Normally the value is auto-guessed.
#
# Workstation netbios_hostname# List of parent proxies to use. More proxies can be defined
# one per line in format proxy_ip:proxy_port
#
Proxy 192.168.0.1:80# List addresses you do not want to pass to parent proxies
# * and ? wildcards can be used
#
NoProxy localhost, 127.0.0.*, 10.*, 192.168.*# Specify the port cntlm will listen on
# You can bind cntlm to specific interface by specifying
# the appropriate IP address also in format local_ip:local_port
# Cntlm listens on 127.0.0.1:3128 by default
#
Listen 3128# If you wish to use the SOCKS5 proxy feature as well, uncomment
# the following option. It can be used several times
# to have SOCKS5 on more than one port or on different network
# interfaces (specify explicit source address for that).
#
# WARNING: The service accepts all requests, unless you use
# SOCKS5User and make authentication mandatory. SOCKS5User
# can be used repeatedly for a whole bunch of individual accounts.
#
#SOCKS5Proxy 8010
#SOCKS5User dave:password# Use -M first to detect the best NTLM settings for your proxy.
# Default is to use the only secure hash, NTLMv2, but it is not
# as available as the older stuff.
#
# This example is the most universal setup known to man, but it
# uses the weakest hash ever. I wont have its usage on my
# conscience. :) Really, try -M first.
#
#Auth LM
#Flags 0x06820000# Enable to allow access from other computers
#
#Gateway yes# Useful in Gateway mode to allow/restrict certain IPs
# Specifiy individual IPs or subnets one rule per line.
#
#Allow 127.0.0.1
#Deny 0/0# GFI WebMonitor-handling plugin parameters, disabled by default
#
#ISAScannerSize 1024
#ISAScannerAgent Wget/
#ISAScannerAgent APT-HTTP/
#ISAScannerAgent Yum/# Headers which should be replaced if present in the request
#
#Header User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)# Tunnels mapping local port to a machine behind the proxy.
# The format is local_port:remote_host:remote_port
#
#Tunnel 11443:remote.com:443 其中对于监听端口使用默认的端口3128就可以了。我们可以通过命令来验证配置是否正确cntlm -c /path/to/cntlm.ini -I -M http://www.baidu.com如果能正常返回就表示各项配置都是正确的接下就可以启动cntlm服务在后台运行了使用命令net start cntlm服务启动之后我们就可以在第三方应用的代理配置上这样设定了代理服务器127.0.0.1 即本机代理服务器端口3128即cntlm.ini文件中配置的Listen端口 日志与常见错误 cntlm绝大多数错误表现为服务无法启动具体原因有很多好在cntlm有较好的日志信息可以帮助我们找到问题的根源查看cntlm日志的方法是Start - Settings - Control Panel - Administrative Tools - Event Viewer, 然后在左侧面板的目录树中选择Windows Logs - Application, 再在右侧面板中配置一下过虑项将事件源设定为cntlm就可以过滤出所有的cntlm日志了。这里我们介绍两种可能的错误1. cntlm: PID XXXX: Possible duplicate cygwin1.dll: /socat-1.7.2.1/cygwin1.dll.类似这样的错误是由于cygwin1.dll冲突引起的有多种工具会携带自己的cygwin1.dll如果版本不兼容就会报如上的错误最简单的方是先移除它们。2. cntlm: Parent proxy address missing 这是一个容易造成误导的错误如果多数情况下并不是因为你在cntlm.ini中错误地制定了Proxy而是cntlm程序启动时根本没用找到cntlm.ini文件造成这种问题的可能诱因之一是在安装cntlm时修改了默认的安装目录这应该是cntlm的一个bug。不知道在启动cntlm服务的配置界面Control Panel - Administrative Tools - Services上指定-c参数是否有效有兴趣的朋友可以尝试一下我是按默认配置重装了cntlm解决的问题。 转载于:https://my.oschina.net/pangzhuzhu/blog/327160
