
#1 2006-10-02 13:25:48

FUBAR
Member
From: Belgium
Registered: 2004-12-08
Posts: 1,029
Website

network-profiles with proxy support

Thread topic was "Handy script for people behind an NTLM auth'ing proxy"

On the LAN of my work, I have to use a Microsoft ISA proxy to be able to use HTTP(S). The annoying thing about this is that some crucial applications like wget and Opera don't support the proprietary authentication protocol Microsoft uses in ISA, called NTLM.

AUR has a great Python app, called ntlmaps (although it's listed as "apserver"). It's a proxy server that's able to authenticate to a proxy using the NTLM-protocol. It sits between you(r apps) and the evil ISA proxy.

Of course, it's very annoying if you're travelling from one workspace to another and you're not always connected to the company LAN using the ISA proxy. This is where my little script steps in: it checks to see if you're on the company LAN by reading /etc/resolv.conf. If you are, it starts ntlmaps if it wasn't running and sets $http_proxy. Concretely, it allows you to run pacman in a terminal from your company LAN without having to fiddle around with settings. As a bonus, every program using the $http_proxy variable will work just as easily (cf wget, links, ...).

Here it is. Paste it into /etc/profile so that it's executed whenever you log in or open a new terminal (otherwise $http_proxy isn't set):

function ntlmproxy_check {

        # chown root:wheel /etc/ntlmaps/server.cfg
        # chmod 640 /etc/ntlmaps/server.cfg
        # chown root:wheel /var/run/daemons
        # chmod 775 /var/run/daemons
        # visudo -> "%wheel localhost=NOPASSWD:/usr/bin/python /usr/lib/python2.4/site-packages/ntlmaps
        #

        RESOLVE_ADDRESS="yourcompanysdomain" # check the line "search" in /etc/resolv.conf
        NTLM_COMMAND="/etc/rc.d/ntlmaps start"
        # pidof with an interpreter path matches every python process,
        # so match on the script path in the command line instead
        NTLM_PIDOF=$(pgrep -f /usr/lib/python2.4/site-packages/ntlmaps)
        NTLM_PORT=5865          # default ntlmaps listening port

        # only set the proxy when the company domain shows up in resolv.conf
        if grep -q "$RESOLVE_ADDRESS" /etc/resolv.conf > /dev/null 2>&1
        then
                export http_proxy="http://localhost:$NTLM_PORT"
                if [ -z "$NTLM_PIDOF" ]
                then
                        echo "NTLM not running - starting ..."
                        $NTLM_COMMAND > /dev/null 2>&1
                else
                        echo "NTLM already running"
                fi
        fi

}

ntlmproxy_check

You will need ntlmaps from AUR and sudo. Set up sudo so your normal user can start and stop the ntlmaps service without the need for a password. Chown /var/run/daemons as mentioned in the comments of the script. I think I kept the changes fairly secure, but if someone has a more secure way of starting the ntlmaps server as a normal user, please share.


A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.

Offline
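
The LAN check in post #1 greps the whole of /etc/resolv.conf, so a comment or a longer domain that merely contains the string also counts as a match. The function below is an added example, not part of the original post: it compares whole names on the `search` and `domain` lines only. The function name, its arguments and `corp.example.com` are assumptions made for illustration.

```shell
# Added example, not from the thread. Decide "am I on the company LAN?"
# from the search/domain lines of resolv.conf, matching whole domain names.
# Usage: on_company_lan DOMAIN [FILE]   (FILE defaults to /etc/resolv.conf)
# Returns 0 on a match, 1 on no match, 2 if the file cannot be read.
on_company_lan() {
    domain=$1
    file=${2:-/etc/resolv.conf}
    [ -r "$file" ] || return 2
    awk -v want="$domain" '
        BEGIN { want = tolower(want); sub(/\.$/, "", want) }
        { sub(/[#;].*/, "") }                  # drop comments
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++) {
                d = tolower($i)
                sub(/\.$/, "", d)              # ignore a trailing root dot
                if (d == want) found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$file"
}

# Example call with a constructed domain name:
# if on_company_lan corp.example.com; then export http_proxy="http://localhost:5865"; fi
```

The search list is normally handed out by DHCP, so a match names the network but does not prove it is the trusted LAN; use it to pick settings, not as a trust decision.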

#2 2006-10-21 14:57:28

FUBAR
Member
From: Belgium
Registered: 2004-12-08
Posts: 1,029
Website

Re: network-profiles with proxy support

I noticed Arch supports different network profiles! Which is great if you've got a laptop that visits different LANs with different network settings.

Unfortunately, I've come across many corporate LANs that have their own proxy servers as an extra layer of security. Setting the $http_proxy and $ftp_proxy environment variables every time is annoying, so I modified Arch's netcfg (/usr/bin/netcfg) script that takes care of the network-profiles.

Here's what I did:
/usr/bin/netcfg

start_profile() {
...
  # add proxy 
  if [ -n "$PROXYFILE" ] && [ -f "/etc/network-profiles/$PROXYFILE" ]
  then
          # -f replaces a stale link left behind by a previous profile
          ln -sf "/etc/network-profiles/$PROXYFILE" /etc/profile.d/proxy.sh
          chmod +x /etc/profile.d/proxy.sh
  fi
    
  # Save the info in /var/run so we can shut it down later
...

stop_profile() {
...
  # remove proxy settings
  unset -v http_proxy ftp_proxy
  if [ -f /etc/profile.d/proxy.sh ] 
  then
          rm /etc/profile.d/proxy.sh
  fi
...

/etc/network-profiles/<profile>

...
PROXYFILE="<profile>.proxy"
...

/etc/network-profiles/<profile>.proxy

export http_proxy="http://foo:bar@10.0.0.1:8080"
export ftp_proxy=$http_proxy

You can put whatever you want in the <profile>.proxy script to set up the appropriate variables, e.g. the ntlmproxy_check I posted above.

Now, when netcfg is called it checks to see if $PROXYFILE is set in your network profile. It then creates a symlink /etc/profile.d/proxy.sh pointing to $PROXYFILE. This way, every time you log in the $PROXYFILE is executed and sets the appropriate variables.

It's not very secure: anyone can simply do "echo $http_proxy" and see your login and password for the proxy server.



Offline
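
Post #2 ends by noting that the proxy login and password are visible to anyone who reads $http_proxy. The check below is an added example, not part of the original post: it flags `<profile>.proxy` files that store `user:password@` in a proxy URL and reports whether the file mode exposes them to every local account, plus a helper for printing such URLs without the password. The function names are assumptions made for illustration.

```shell
# Added example, not from the thread.

# Print a proxy URL with any password replaced, for safe display in logs.
redact_proxy_url() {
    printf '%s\n' "$1" | sed -E 's#(://[^/@:]+):[^/@]+@#\1:***@#'
}

# Report whether a proxy snippet stores user:password in a *_proxy URL and,
# if so, whether its mode lets every local account read it.
# Prints "ok" or the findings; returns 0 only for "ok", 2 if the file is missing.
audit_proxy_file() {
    file=$1
    [ -f "$file" ] || { echo "missing"; return 2; }
    # [export] xxx_proxy=["']scheme://user:password@...
    cred_re='^[[:space:]]*(export[[:space:]]+)?[a-z_]*_proxy=["'\'']?[a-z]+://[^/@[:space:]]+:[^/@[:space:]]+@'
    if ! grep -Eiq "$cred_re" "$file"; then
        echo "ok"
        return 0
    fi
    findings="embedded-credentials"
    # -H follows the symlink that netcfg places in /etc/profile.d
    if [ -n "$(find -H "$file" -prune -perm -004)" ]; then
        findings="$findings world-readable"
    fi
    echo "$findings"
    return 1
}
```

A file sourced from /etc/profile.d has to be readable by every user who logs in, so file mode cannot protect a password stored there; pointing $http_proxy at a local authenticating proxy such as the ntlmaps setup in post #1 keeps the password out of the environment.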

#3 2007-11-19 18:07:35

flipsey
Member
Registered: 2007-11-19
Posts: 3

Re: network-profiles with proxy support

Sorry for the stupid question. I searched quite long, but I have not found ntlmaps anywhere. Can someone post a link to ntlmaps, please?

Offline

#4 2008-09-07 16:33:49

manouchk
Member
Registered: 2008-07-29
Posts: 306

Re: network-profiles with proxy support

This work was not included in netcfg. Is there any work of this kind that makes it easy to change proxy settings depending on the network we are using? (Even if not an NTLM proxy)

Offline
