Evengard / cntlm

PLEASE NOTE THAT THIS FORK IS NOT MAINTAINED! For the maintained fork please refer to https://github.com/versat/cntlm. Cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft proprietary world. More info on http://cntlm.sourceforge.net/ website. THIS VERSION SUPPORTS SSPI, WHICH ALLOWS USERS WITH SMARTCARD AUTHENTICATION TO USE IT ON WINDOWS BOXES!
GNU General Public License v2.0

yum update with cntlm fails #4

Open andreicristianpetcu opened 8 years ago

andreicristianpetcu commented 8 years ago

Hello! I've configured yum on a CentOS 6.7 to use a CNTLM proxy but it fails. If I set Firefox to use that proxy it works but not yum. Here is the output when I do a yum update.

******* Round 1 C: 5, S: 6 *******!
Reading headers...
HEAD: GET http://mirrorlist.centos.org/?release=6&arch=i386&repo=os&infra=stock HTTP/1.1
User-Agent                     => urlgrabber/3.9.1 yum/3.2.29
Host                           => mirrorlist.centos.org
Accept                         => */*
Proxy-Connection               => Keep-Alive
NTLM Request:
           Domain: XXXXXX
         Hostname: vagrant
            Flags: 0xA208B205

Sending auth request...
User-Agent                     => urlgrabber/3.9.1 yum/3.2.29
Host                           => mirrorlist.centos.org
Accept                         => */*
Proxy-Connection               => Keep-Alive
Connection                     => Keep-Alive
Proxy-Authorization            => NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Reading auth response...
HEAD: HTTP/1.1 401 Unauthorized
Cache-Control                  => no-cache
Pragma                         => no-cache
WWW-Authenticate               => NTLM
Content-Type                   => text/html; charset=utf-8
Proxy-Connection               => close
Set-Cookie                     => BCSI-CS-9999999999999999=2; Path=/
Connection                     => close
Content-Length                 => 4259
Got 4259 too many bytes.
Proxy signals it's closing the connection.
Proxy closed connection (i=1, closed=1, so_closed=1). Reconnecting...
Sending headers...
User-Agent                     => urlgrabber/3.9.1 yum/3.2.29
Host                           => mirrorlist.centos.org
Accept                         => */*
Proxy-Connection               => Keep-Alive
Connection                     => Keep-Alive
No body.

******* Round 2 C: 5, S: 6 *******!
Reading headers...
HEAD: HTTP/1.1 401 Unauthorized
Cache-Control                  => no-cache
Pragma                         => no-cache
WWW-Authenticate               => NEGOTIATE
WWW-Authenticate               => NTLM
Content-Type                   => text/html; charset=utf-8
Proxy-Connection               => close
Set-Cookie                     => BCSI-CS-9999999999999999=2; Path=/
Connection                     => close
Content-Length                 => 4259
Sending headers...
Body included. Lenght: 4259
data_send: read 2048 of 2048 / 2048 of 4259 (errno = ok)
data_send: fds 5:6 warning -999 (connection closed)
Could not send whole body

Thread finished.
Joining thread 3077966704; rc: 0

This is my cntlm.ini

Username    xxxxxxxx
Domain      xxxxxx
PassLM          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PassNT          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PassNTLMv2      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Proxy       myproxy.internal:80
NoProxy     localhost, 127.0.0.*
Listen      127.0.0.1:3128
Gateway yes

This is what I put in my /etc/yum.cfg

.....
proxy=http://127.0.0.1:3128

And this is the output of yum update

yum update
Loaded plugins: fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6&arch=i386&repo=os&infra=stock error was
14: PYCURL ERROR 22 - "The requested URL returned error: 401 Unauthorized"
Error: Cannot find a valid baseurl for repo: base

What am I doing wrong? Thank you!

andreicristianpetcu commented 8 years ago

This is what a GET to the CentOS mirror looks like from Firefox, using the same CNTLM proxy from the VM. I think this GET is what yum is doing behind the scenes when I run yum update.

******* Round 1 C: 5, S: 6 *******!
Reading headers...
HEAD: GET http://mirrorlist.centos.org/?release=6&arch=i386&repo=os&infra=stock HTTP/1.1
Host                           => mirrorlist.centos.org
User-Agent                     => Mozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0
Accept                         => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language                => en-US,en;q=0.5
Accept-Encoding                => gzip, deflate
Cookie                         => _ga=GA1.2.799595885.1452150352; BCSI-CS-9999999999999999=2; BCSI-AC-999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999; BC_HA_9999999999999999_99999999=2B82A70
Connection                     => keep-alive
Sending headers...
Host                           => mirrorlist.centos.org
User-Agent                     => Mozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0
Accept                         => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language                => en-US,en;q=0.5
Accept-Encoding                => gzip, deflate
Cookie                         => _ga=GA1.9.999999999.9999999999; BCSI-CS-9999999999999999=2; BCSI-AC-999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999; BC_HA_9999999999999999_99999999=9999999
Connection                     => Keep-Alive
Proxy-Connection               => Keep-Alive
No body.

******* Round 2 C: 5, S: 6 *******!
Reading headers...
HEAD: HTTP/1.1 200 OK
Date                           => Fri, 08 Jan 2016 11:04:49 GMT
Server                         => Apache/2.2.15 (CentOS)
Transfer-Encoding              => chunked
Content-Type                   => text/plain; charset=ISO-8859-1
Via                            => 1.1 gsgxas1-s3
X-Cache                        => SA= OBSERVED from gsgecf2-s5 RS=200 from mirrorlist.centos.org [99.999.999.999:99] SC=200, SA= OBSERVED from gsgxas1-s3 RS=200 from 99.999.999.9 [99.999.999.9:9999] SC=200
Connection                     => Keep-Alive
Set-Cookie                     => BC_HA_9999999999999999_99999999=9999999; Domain=.centos.org; expires=Fri, 08-Jan-16 11:34:50 GMT; Path=/
*************************
CL: (null), C: Keep-Alive, CT: text/plain; charset=ISO-8859-1, TE: chunked
Sending headers...
Chunked body included.
Line: 1d2
strtol: 466 (1d2) - err:

data_send: read 468 of 468 / 468 of 468 (errno = ok)
data_send: wrote 468 of 468
Line: 0
strtol: 0 (0) - err:

last chunk: 0
Trailer header(i=1):

Chunked body sent.

Thread finished.
Storing the connection for reuse (5:6).
Joining thread 3078409072; rc: 0
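
Added example, not part of the original thread or of the cntlm project: a small parser for the debug-trace format shown in the two comments above, which reports the authentication-relevant differences between the yum and Firefox runs. The trace lines are abridged from the posts; the names `parse_trace` and `findings` are this example's own. In HTTP a proxy challenge is a 407 with `Proxy-Authenticate`, whereas 401 with `WWW-Authenticate` is the origin-server form, which is why that case is flagged.

```python
import re

# Abridged from the two cntlm debug traces in this thread
# (values redacted as in the posts).
YUM_TRACE = """\
HEAD: GET http://mirrorlist.centos.org/?release=6&arch=i386&repo=os&infra=stock HTTP/1.1
User-Agent                     => urlgrabber/3.9.1 yum/3.2.29
Sending auth request...
Proxy-Authorization            => NTLM XXXX
Reading auth response...
HEAD: HTTP/1.1 401 Unauthorized
WWW-Authenticate               => NTLM
Set-Cookie                     => BCSI-CS-9999999999999999=2; Path=/
"""
FIREFOX_TRACE = """\
HEAD: GET http://mirrorlist.centos.org/?release=6&arch=i386&repo=os&infra=stock HTTP/1.1
User-Agent                     => Mozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0
Cookie                         => BCSI-CS-9999999999999999=2
HEAD: HTTP/1.1 200 OK
"""

HEAD_RE = re.compile(r"^HEAD: (?:HTTP/\d\.\d (\d{3})|(\w+) \S+ HTTP/\d\.\d)")
HDR_RE = re.compile(r"^([\w-]+)\s+=> (.*)$")

def parse_trace(text):
    """Split a trace into messages; each 'HEAD:' line starts a new one."""
    msgs = []
    for line in text.splitlines():
        m = HEAD_RE.match(line)
        if m:
            msgs.append({"status": m.group(1), "method": m.group(2), "headers": {}})
        elif msgs and (h := HDR_RE.match(line)):
            msgs[-1]["headers"].setdefault(h.group(1).lower(), []).append(h.group(2))
    return msgs

def findings(text):
    """Return the auth-relevant observations for one trace."""
    out, sent_proxy_auth = set(), False
    for m in parse_trace(text):
        h = m["headers"]
        if m["method"]:  # request line
            sent_proxy_auth |= "proxy-authorization" in h
            if any("BCSI-" in c for c in h.get("cookie", [])):
                out.add("request carries BCSI cookie")
        elif m["status"] == "401" and "www-authenticate" in h and sent_proxy_auth:
            out.add("401 + WWW-Authenticate after Proxy-Authorization (not 407)")
        elif m["status"] == "200":
            out.add("200 OK")
    return out
```

Run `findings()` on a full trace saved from cntlm's debug output to see the same observations for other clients.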