Monday, December 3, 2018

(X-Post linuxadmin) CentOS 7 Desktop Proxy Authentication NTLMv2

Hey guys - this is a crosspost from https://www.reddit.com/r/linuxadmin/comments/a2tgpi/centos_7_desktop_proxy_authentication_ntlmv2/ but I will copy-paste what I have written there below. I'm a junior system admin and so my knowledge is rather lacking at the moment, but any tips or pointers in a direction are much appreciated!

Hey all, struggling with an issue at the moment where I am trying to set up a CentOS 7 Desktop to authenticate with our web proxy via NTLMv2 and running into some issues.

Have not been able to authenticate at all (every time Firefox requests the credentials the auth fails, though I can see my user account get locked out) so attempting to use CNTLM (http://cntlm.sourceforge.net/) to navigate the way through. It appears that there is an issue with NTLMv2 - when I specify the auth should be NTLMv2 in the conf file, the logs show errors of "No target info block. Cannot do NTLMv2!" and I don't really understand what this means. Running Wireshark I can see the authentication required request from the proxy to the desktop has a line 'Target Info List: Empty' but that reaches the limit of my networking knowledge. I have been informed by the other guys that this (McAfee) proxy only authenticates via NTLMv2, so wonder if there is an issue on the desktop side of things?

I find it weird though cos it definitely passes the domain and username through fine, just the password is not coming through correctly (if at all). Any ideas? Cheers!

Oh and to add, CNTLM has a NTLMv2 hash that it supposedly passes through.

Edit:

Some further info, it looks like the 'type-3' message is missing as part of the authentication step. I can see the NTLMSSP_NEGOTIATE and NTLMSSP_CHALLENGE messages, but then there is no NTLMSSP_AUTHENTICATE message.

I'm delving into the MS-NLMP protocol pdf (https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf) trying to understand this, but I will admit, there is a ton of info that is flying far above my head haha

Edit: the CNTLM program I am using apparently runs a test over the different protocols to determine which the proxy uses, and in Wireshark I can see that the NTLMv2 test does not generate an NTLMSSP_AUTH response, but the other three tests (which I think are NTLM, NT, and LM) do. I guess this is explained by the "cntlm: No target info block. Cannot do NTLMv2!" error, but still stumped.

Ahh, also this is a VM in vSphere (but all internal networking access works fine, and if the proxy is redirected to one that whitelists via IP, external web access works fine).
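To relate the Wireshark line 'Target Info List: Empty' to the wire format, here is an added Python example (not from the post, CNTLM or McAfee) that parses the fixed header of an NTLMSSP CHALLENGE message as laid out in MS-NLMP 2.2.1.2 and walks its TargetInfo AV_PAIR list, reporting whether a client has the target info block an NTLMv2 response is built from. Both sample messages are constructed for the example; the domain and host names in them are made up, and the final flag mirrors cntlm's refusal rather than any check in the spec itself.

```python
import struct

NTLMSSP_NEGOTIATE_TARGET_INFO = 0x00800000  # NegotiateFlags bit, MS-NLMP 2.2.2.5
AV_NAMES = {0: "MsvAvEOL", 1: "MsvAvNbComputerName", 2: "MsvAvNbDomainName",
            3: "MsvAvDnsComputerName", 4: "MsvAvDnsDomainName", 7: "MsvAvTimestamp"}
UNICODE_AVS = (1, 2, 3, 4)  # AV_PAIR values carried as UTF-16LE strings

def parse_challenge(msg: bytes) -> dict:
    """Parse a CHALLENGE (type 2) message and extract its TargetInfo AV_PAIRs."""
    if msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLMSSP CHALLENGE message")
    flags = struct.unpack_from("<I", msg, 20)[0]              # NegotiateFlags
    ti_len, _ti_max, ti_off = struct.unpack_from("<HHI", msg, 40)  # TargetInfoFields
    pairs, pos, end = {}, ti_off, ti_off + ti_len
    while pos + 4 <= end:                      # each AV_PAIR: AvId u16, AvLen u16, Value
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        pos += 4
        if av_id == 0:                         # MsvAvEOL terminates the list
            break
        value = msg[pos:pos + av_len]
        pos += av_len
        pairs[AV_NAMES.get(av_id, f"MsvAv{av_id}")] = (
            value.decode("utf-16-le") if av_id in UNICODE_AVS else value.hex())
    return {"target_info_flag": bool(flags & NTLMSSP_NEGOTIATE_TARGET_INFO),
            "target_info_len": ti_len, "av_pairs": pairs,
            # cntlm's "No target info block" condition: nothing to put in the NTLMv2 blob
            "ntlmv2_possible": bool(pairs)}

def av_pair(av_id: int, value: bytes) -> bytes:
    return struct.pack("<HH", av_id, len(value)) + value

def build_challenge(target_info: bytes, flags: int) -> bytes:
    """Constructed CHALLENGE message: 56-byte fixed header, payload holds only TargetInfo."""
    hdr = b"NTLMSSP\x00" + struct.pack("<I", 2)
    hdr += struct.pack("<HHI", 0, 0, 56)                        # TargetNameFields (empty)
    hdr += struct.pack("<I", flags)
    hdr += bytes(range(8)) + bytes(8)                           # ServerChallenge, Reserved
    hdr += struct.pack("<HHI", len(target_info), len(target_info), 56)  # TargetInfoFields
    hdr += bytes(8)                                             # Version
    return hdr + target_info

# Constructed samples: a proxy that sends no target info, and one that names itself.
EMPTY_TI = b""
FULL_TI = (av_pair(2, "CORP".encode("utf-16-le")) +
           av_pair(1, "PROXY01".encode("utf-16-le")) + av_pair(0, b""))

if __name__ == "__main__":
    for ti, flags in ((EMPTY_TI, 0x00000001), (FULL_TI, 0x00800001)):
        print(parse_challenge(build_challenge(ti, flags)))
```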
