在cntlm.ini中有例如以下几个重要的配置是可能须要改动的:
Username - your domain/proxy account name
Domain - the actual domain name
Workstation - NetBIOS name of your workstation; Cntlm tries to autodetect it, but you might want to set it explicitly should dialect detection fail (see below)
Proxy - IP address (or ping-able hostname) of your proxy; if you use several alternative proxies or know of backup ones, use this option multiple times; if one stops working, Cntlm will move on to the next
Listen - local port number which Cntlm should bind to; the default is OK, but remember you can‘t have more than one application per port; you can use netstat to list used up ports (lines with LISTEN)
# # Cntlm Authentication Proxy Configuration # # NOTE: all values are parsed literally, do NOT escape spaces, # do not quote. Use 0600 perms if you use plaintext password. # Username laurence Domain abc Password 123 # NOTE: Use plaintext password only at your own risk # Use hashes instead. You can use a "cntlm -M" and "cntlm -H" # command sequence to get the right config for your environment. # See cntlm man page # Example secure config shown below. # PassLM 1AD35398BE6565DDB5C4EF70C0593492 # PassNT 77B9081511704EE852F94227CF48A793 ### Only for user ‘testuser‘, domain ‘corp-uk‘ # PassNTLMv2 D5826E9C665C37C80B53397D5C07BBCB # Specify the netbios hostname cntlm will send to the parent # proxies. Normally the value is auto-guessed. # # Workstation netbios_hostname # List of parent proxies to use. More proxies can be defined # one per line in format <proxy_ip>:<proxy_port> # Proxy 192.168.0.1:80 # List addresses you do not want to pass to parent proxies # * and ?wildcards can be used # NoProxy localhost, 127.0.0.*, 10.*, 192.168.* # Specify the port cntlm will listen on # You can bind cntlm to specific interface by specifying # the appropriate IP address also in format <local_ip>:<local_port> # Cntlm listens on 127.0.0.1:3128 by default # Listen 3128 # If you wish to use the SOCKS5 proxy feature as well, uncomment # the following option. It can be used several times # to have SOCKS5 on more than one port or on different network # interfaces (specify explicit source address for that). # # WARNING: The service accepts all requests, unless you use # SOCKS5User and make authentication mandatory. SOCKS5User # can be used repeatedly for a whole bunch of individual accounts. # #SOCKS5Proxy 8010 #SOCKS5User dave:password # Use -M first to detect the best NTLM settings for your proxy. # Default is to use the only secure hash, NTLMv2, but it is not # as available as the older stuff. # # This example is the most universal setup known to man, but it # uses the weakest hash ever. I won‘t have it‘s usage on my # conscience. :) Really, try -M first. # #Auth LM #Flags 0x06820000 # Enable to allow access from other computers # #Gateway yes # Useful in Gateway mode to allow/restrict certain IPs # Specifiy individual IPs or subnets one rule per line. # #Allow 127.0.0.1 #Deny 0/0 # GFI WebMonitor-handling plugin parameters, disabled by default # #ISAScannerSize 1024 #ISAScannerAgent Wget/ #ISAScannerAgent APT-HTTP/ #ISAScannerAgent Yum/ # Headers which should be replaced if present in the request # #Header User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) # Tunnels mapping local port to a machine behind the proxy. # The format is <local_port>:<remote_host>:<remote_port> # #Tunnel 11443:remote.com:443
这里我们介绍两种可能的错误:
1. cntlm: PID XXXX: Possible duplicate cygwin1.dll: /socat-1.7.2.1/cygwin1.dll.
相似这种错误是由于cygwin1.dll冲突引起的。有多种工具会携带自己的cygwin1.dll,假设版本号不兼容就会报如上的错误,最简单的方是先移除它们。
2. cntlm: Parent proxy address missing
这是一个easy造成误导的错误,假设多数情况下并非由于你在cntlm.ini中错误地制定了Proxy而是cntlm程序启动时根本没用找到cntlm.ini文件,造成这种问题的可能诱因之中的一个是在安装cntlm时改动了默认的安装文件夹,这应该是cntlm的一个bug。不知道在启动cntlm服务的配置界面(Control Panel -> Administrative Tools -> Services)上指定-c參数是否有效。有有兴趣的朋友可以试试,我按照默认配置重装cntlm已解决。
版权声明:本文博主原创文章,博客,未经同意不得转载。
原文:http://www.cnblogs.com/lcchuguo/p/4854709.html
