Cntlm Proxy returning invalid challenge

cntlm – Proxy returning invalid challenge

After setting up Cntlm on my new MAC at work and trying it for the first time I’ve got a “Proxy returning invalid challenge” error.

Corporate proxy at one of the customers requires NTLM authentication, and while that is not a  “problem” when using a browser or some other “desktop” apps, it is more complicated to use when you need to access internet from command line. So in this case I am using Cntlm, which is set-up as a local proxy and it uses your credentials to authenticate against the corporate proxy that is using NTLM authentication .

What bedazzled me about the “Proxy returning invalid challenge” error is that I’ve copied a working configuration from my old machine.

After a some unfruitful googling I’ve decided to run Cntlm in verbose mode to see what is happening in there

So started cntlm by  /usr/local/bin/cntlm -v , That will print out the used configuration and will be waiting for any requests to be sent via proxy

Now when I try to make a curl call to ec2.ap-southeast-2.amazonaws.com:443  , I see the dreadful cntlm[49863] : Proxy returning invalid challenge!  error

 

That didn’t really help me so I’ve done the same on the old machine and compared the results.

And the main difference was that  on old machine I’ve had a proper Hostname value

Vs cntlm  on the new one

So for some reason Cntlm didn’t pick up the hostname, and as a result the Corporate proxy response was not usable.

After discovering that I’ve run Cntlm with -w flag, like this /usr/local/bin/cntlm -v -w MyHost  and that has worked!!

but I don’t want to bother with specifying the hostname each time I start Cntlm, so I’ve added it to Cntlm’s configuration file (  /usr/local/etc/cntlm.conf  in my case) using the “Workstation” parameter

It did the trick and I am happy Cntlm user again :-).

I am not sure why Cntlm managed to “auto-guess” the value on old machine (if you remember, I’ve copied the config like for like) while it didn’t on the new one, but trying to understand that was not a priority for me as I finally could get back to work.

2 thoughts on “cntlm – Proxy returning invalid challenge”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.