Using Linux on corporate workstation - Internet Access

Ever wanted to run Linux on a workstation in an MS Windows-dominated company?

Well, at least you can try.

First things first:

Pick your favourite desktop virtualization hypervisor and install any Linux distribution.

Your employer is probably using MS ISA Server, which acts as a proxy server (among other things), and you have to authenticate yourself before you can use it. That will be today's topic.

There's a nice little piece of software called CNTLM - http://cntlm.sourceforge.net/
You have to run this application either on the host computer or inside the VM (in the latter case you have to install it somehow, without access to the Internet from the VM).

After unpacking the software, you will see a cntlm.exe file, and a cntlm.ini, which holds the configuration.

You have to fill in the following parameters:

Username jd1234
Domain  example.org
Proxy   your.company.proxy.server:port
Listen  127.0.0.1:3189
Gateway no
Auth NTLMv2
PassNTLMv2 xxxxxx
Allow 127.0.0.1

A note on the parameters:
Username - your username in Active Directory
Domain - domain name
Proxy - address and port of the company's proxy server
Listen - interface and port to listen on. If you would like to share this proxy with other computers, set it to your current IP address and a port of your choice, and enable the next attribute:
Gateway - set to no if you want to use cntlm on your machine only; otherwise yes
Auth - authentication type
Pass<xxx> - the parameter suffix must match the Auth method (PassNTLMv2 for Auth NTLMv2)
Allow - address that can use this proxy. If you want more than one, just add more Allow entries.

To generate the PassNTLMv2 (or other) entry, you have to run:

cntlm.exe -c cntlm.ini -H

It will ask for your password and generate a list of hashes, which should be put into the config file. Remember to use the one that matches the method you have set in the Auth parameter.

The config should now be ready. Run cntlm by typing:

cntlm.exe -c cntlm.ini

The application will run in the background, so you can close the cmd window.

To use this proxy, simply set http_proxy, https_proxy environment variables to your cntlm address, and you should now gain access to the internet:

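# cntlm speaks plain HTTP to its clients (HTTPS is tunnelled through it), so both variables use http://
export http_proxy=http://<cntlm.proxy.ip.address>:port
export https_proxy=http://<cntlm.proxy.ip.address>:port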

Remember that this works only in your current session. To make it persistent, you can add those lines into the /etc/environment file for all users, or into the ~/.bashrc or ~/.anothershellrc file.

If you are using Ubuntu or Debian, it may be necessary to set up apt in /etc/apt/apt.conf:

Acquire::http::proxy "http://cntlm.proxy.ip.address:port/";
Acquire::https::proxy "http://cntlm.proxy.ip.address:port/";

I have noticed that cntlm isn't really stable in a Windows environment, so it is a good idea to repeat those steps and install it inside the Linux VM.
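
Once cntlm is installed inside the Linux VM, the config file holds a hash that authenticates as you, and the Listen, Gateway and Allow settings decide who else can reach the proxy. The script below is an added example, not part of the original post or of cntlm itself: it flags a config readable by other users, a plaintext Password key, a non-loopback Listen address, and Gateway mode with an open access list. It assumes, as in cntlm's sample config, that a final Deny 0/0 rule is what closes the Allow list; the config it checks is a constructed sample.

```sh
#!/bin/sh
# Added example: flag cntlm config settings that widen exposure.
# `Password` and `Deny` are cntlm keys the post does not show.
audit_cntlm_conf() {
    conf=$1
    # The Pass* hash is all cntlm needs to log in as you: keep the file owner-only.
    if [ -n "$(find "$conf" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "PERMS: $conf is readable by group or others"
    fi
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        { key = tolower($1); val = $2 }
        key == "password" { print "PLAINTEXT: Password stores the cleartext password" }
        key == "gateway" && tolower(val) == "yes" { gateway = 1 }
        key == "deny" && val == "0/0" { closed = 1 }
        key == "listen" {
            # A bare port stays on loopback unless Gateway is yes; addr:port binds addr.
            n = split(val, part, ":")
            if (n > 1 && part[1] != "127.0.0.1" && part[1] != "localhost")
                print "LISTEN: bound to non-loopback address " part[1]
        }
        END {
            if (gateway) print "GATEWAY: other hosts can use the proxy as your account"
            if (gateway && !closed) print "ACL: Gateway is on but no Deny 0/0 closes the Allow list"
        }
    ' "$conf"
}

# Constructed sample: the shared-proxy variant from the parameter notes, without a Deny rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Username jd1234
Domain  example.org
Proxy   your.company.proxy.server:port
Listen  192.0.2.10:3189
Gateway yes
Auth NTLMv2
PassNTLMv2 xxxxxx
Allow 192.0.2.0/24
EOF
chmod 644 "$sample"
audit_cntlm_conf "$sample"
```

The config from this post (Listen 127.0.0.1:3189, Gateway no) produces no findings once the file is set to mode 600.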
