Skip to content

btrepp/docker-cntlm

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Cntlm Docker

This is a simple dockerfile that wraps up cntlm into debian. It will set up a open proxy, that uses NTLMv2 to authenticate upstream. The main use case is to get a simple proxy setup that plays nice with windows networks.

Ideally you can use this with redsocks+iptables, to make docker images think they have direct access, but the connections are actually tunneled through.

container->redsocks->ctnlm->upstream

For SSH you may also be interested in corkscrew

Usage

Simple usage is

docker run --rm -p 3128:3128 btrepp/cntlm user.name domain NTVLMv2Hash upstream_proxy:port

This will create an unathenticated proxy on the host running at 3128

By default cntlm will run with NoProxy localhost, 127.0.0., 10., 192.168.*, *.$2 If the env var NOPROXY is set, it gets added to this list

NTLMv2 Hash

By default I've only set this up to accept Hashed passwords. cntlm supports actual passwords, but that is left up to you to figure out. A script exists in the images that will help you get the hash

docker run --rm -t -i --entrypoint="get_ntlm.sh" btrepp/cntlm user.name@domain upstream_proxy:port

This will ask you for your password and attempt to use the upstream proxy to get to docker.io. If it succeeds it will print a PassNTLMv2 line, use this hash above when launching the container.

Contributing

This was a quick hack to get together as nothing currently existed on the registry. Feel free to fork it and send pull requests

About

Cntlm image for docker

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published