Notes on Installing and Configuring Cntlm
阿新 • Published: 2018-11-15
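In network environments where the proxy authenticates with NTLM (that is, besides the proxy host and port you must also supply a domain user and password), getting online through the proxy is a headache, mainly because a lot of software does not support NTLM-authenticated proxies. For example, Git currently cannot do NTLM authentication: even with the domain account and password specified in the proxy setting, the connection still reports: Received HTTP code 407 from proxy after CONNECT, which shows that authentication did not succeed. If a tool could wrap the NTLM authentication and expose an ordinary HTTP proxy service, third-party applications could reach the network by configuring an ordinary proxy. That tool is Cntlm (project website:
Configuration
After downloading and installing Cntlm, you only need to edit the cntlm.ini file to provide the information required for authentication, then start cntlm as a service. The following settings in cntlm.ini are the important ones you may need to change: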
Username - your domain/proxy account name
Domain - the actual domain name
Workstation - NetBIOS name of your workstation; Cntlm tries to autodetect it, but you might want to set it explicitly should dialect detection fail (see below)
Proxy - IP address (or ping-able hostname) of your proxy; if you use several alternative proxies or know of backup ones, use this option multiple times; if one stops working, Cntlm will move on to the next
Listen - local port number which Cntlm should bind to; the default is OK, but remember you can't have more than one application per port; you can use netstat to list used up ports (lines with LISTEN)
#
# Cntlm Authentication Proxy Configuration
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#

Username laurence
Domain abc
Password 123
# NOTE: Use plaintext password only at your own risk
# Use hashes instead. You can use a "cntlm -M" and "cntlm -H"
# command sequence to get the right config for your environment.
# See cntlm man page
# Example secure config shown below.
# PassLM 1AD35398BE6565DDB5C4EF70C0593492
# PassNT 77B9081511704EE852F94227CF48A793
### Only for user 'testuser', domain 'corp-uk'
# PassNTLMv2 D5826E9C665C37C80B53397D5C07BBCB

# Specify the netbios hostname cntlm will send to the parent
# proxies. Normally the value is auto-guessed.
#
# Workstation netbios_hostname

# List of parent proxies to use. More proxies can be defined
# one per line in format <proxy_ip>:<proxy_port>
#
Proxy 192.168.0.1:80

# List addresses you do not want to pass to parent proxies
# * and ? wildcards can be used
#
NoProxy localhost, 127.0.0.*, 10.*, 192.168.*

# Specify the port cntlm will listen on
# You can bind cntlm to specific interface by specifying
# the appropriate IP address also in format <local_ip>:<local_port>
# Cntlm listens on 127.0.0.1:3128 by default
#
Listen 3128

# If you wish to use the SOCKS5 proxy feature as well, uncomment
# the following option. It can be used several times
# to have SOCKS5 on more than one port or on different network
# interfaces (specify explicit source address for that).
#
# WARNING: The service accepts all requests, unless you use
# SOCKS5User and make authentication mandatory. SOCKS5User
# can be used repeatedly for a whole bunch of individual accounts.
#
#SOCKS5Proxy 8010
#SOCKS5User dave:password

# Use -M first to detect the best NTLM settings for your proxy.
# Default is to use the only secure hash, NTLMv2, but it is not
# as available as the older stuff.
#
# This example is the most universal setup known to man, but it
# uses the weakest hash ever. I won't have it's usage on my
# conscience. :) Really, try -M first.
#
#Auth LM
#Flags 0x06820000

# Enable to allow access from other computers
#
#Gateway yes

# Useful in Gateway mode to allow/restrict certain IPs
# Specifiy individual IPs or subnets one rule per line.
#
#Allow 127.0.0.1
#Deny 0/0

# GFI WebMonitor-handling plugin parameters, disabled by default
#
#ISAScannerSize 1024
#ISAScannerAgent Wget/
#ISAScannerAgent APT-HTTP/
#ISAScannerAgent Yum/

# Headers which should be replaced if present in the request
#
#Header User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

# Tunnels mapping local port to a machine behind the proxy.
# The format is <local_port>:<remote_host>:<remote_port>
#
#Tunnel 11443:remote.com:443
For the listening port, the default of 3128 is fine. You can verify that the configuration is correct with this command:
cntlm -c /path/to/cntlm.ini -I -M http://www.baidu.com
If it returns normally, every setting is correct, and you can then start the cntlm service so that it runs in the background, using the command:
net start cntlm
Once the service is running, set the proxy in third-party applications as follows: proxy server: 127.0.0.1 (the local machine), proxy port: 3128 (the Listen port configured in cntlm.ini).
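The comments in the sample cntlm.ini above warn about several settings: a plaintext Password, Auth LM, Gateway mode, and SOCKS5Proxy without SOCKS5User. As an added example (not part of the original post and not Cntlm's own code), this Python script parses a cntlm.ini and flags them; the finding codes and the two sample configs are constructed for illustration, and the Gateway and Listen checks are heuristics.

```python
# Added example, not from the original post: flag risky settings in a cntlm.ini.
def parse_cntlm(text):
    """Parse 'Key value' lines into {lowercased key: [values]}; '#' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts

def audit(text):
    """Return finding codes (heuristics based on the warnings in the config comments)."""
    o = parse_cntlm(text)
    found = []
    if any(o.get("password", [])):
        found.append("PLAINTEXT_PASSWORD")   # store the hashes printed by 'cntlm -H' instead
    if any(a.lower() != "ntlmv2" for a in o.get("auth", [])):
        found.append("WEAK_AUTH")            # NTLMv2 is the only hash the comments call secure
    if any(g.lower() == "yes" for g in o.get("gateway", [])) and not o.get("deny"):
        found.append("OPEN_GATEWAY")         # reachable from other computers, no Deny rule
    if o.get("socks5proxy") and not o.get("socks5user"):
        found.append("OPEN_SOCKS5")          # "The service accepts all requests"
    for value in o.get("listen", []):
        host = value.rsplit(":", 1)[0] if ":" in value else "127.0.0.1"  # bare port: default bind
        if host not in ("127.0.0.1", "localhost"):
            found.append("NON_LOOPBACK_LISTEN")
    return found

# Constructed sample 1: taken from the active (uncommented) lines of the config shown above.
PAGE_CONFIG = """\
Username laurence
Domain abc
Password 123
Proxy 192.168.0.1:80
Listen 3128
"""
# Constructed sample 2: hashes instead of a password, but the optional features enabled.
RISKY_CONFIG = """\
PassNTLMv2 D5826E9C665C37C80B53397D5C07BBCB
Listen 0.0.0.0:3128
SOCKS5Proxy 8010
Auth LM
Gateway yes
"""

if __name__ == "__main__":
    print(audit(PAGE_CONFIG), audit(RISKY_CONFIG))
```

To check a real file, pass its contents to `audit()`; an empty list means none of these settings is active.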
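Logs and Common Errors
Most cntlm errors show up as the service failing to start. There can be many causes, but fortunately cntlm writes useful log messages that help find the root of the problem. To view the cntlm log: Start -> Settings -> Control Panel -> Administrative Tools -> Event Viewer, then in the tree in the left panel select Windows Logs -> Application, and in the right panel configure a filter with the event source set to cntlm to show all cntlm log entries.
Two possible errors are described here: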
1. cntlm: PID XXXX: Possible duplicate cygwin1.dll: /socat-1.7.2.1/cygwin1.dll.
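Errors like this are caused by a cygwin1.dll conflict. Several tools ship their own cygwin1.dll, and if the versions are incompatible the error above is reported. The simplest approach is to remove them first.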
2. cntlm: Parent proxy address missing
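This is an error that easily misleads. In most cases it is not because you specified Proxy incorrectly in cntlm.ini, but because cntlm did not find the cntlm.ini file at all when it started. One possible cause is changing the default installation directory when installing cntlm; this is probably a bug in cntlm. I do not know whether specifying the -c argument in the service configuration UI (Control Panel -> Administrative Tools -> Services) works; interested readers can try it. I solved the problem by reinstalling cntlm with the default configuration.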