NPM behind NTLM proxy

Asked 2/9, 2013 at 8:49 Answered 16/4, 2018 at 10:2

Is it possible to run npm install behind an HTTP proxy, which uses NTLM authentication? If yes, how can I set the server's address and port, the username, and the password?

Millimicron answered 2/9, 2013 at 8:49 Comment(0)

136

I solved it this way (OS: Windows XP SP3):

1. Download CNTLM installer and run it.

2. Find and fill in these fields in cntlm.ini. Do not fill in the Password field, it's never a good idea to store unencrypted passwords in text files.

Username    YOUR_USERNAME
Domain      YOUR_DOMAIN
Proxy       YOUR_PROXY_IP:PORT
Listen      53128

3. Open console, and type these commands to generate password hashes.

> cd c:\the_install_directory_of_cntlm
> cntlm -H
Password: ...type proxy password here...
PassLM          D6888AC8AE0EEE294D954420463215AE
PassNT          0E1FAED265D32EBBFB15F410D27994B2
PassNTLMv2      91E810C86B3FD1BD14342F945ED42CD6

4. Copy the above three lines into cntlm.ini, under the Domain field's line. Once more, do not fill in the Password field. Save cntlm.ini.

5. Open the Service Manager (from command line: services.msc), and start the service called "CNTLM Authentication Proxy".

6. In the console, type these lines:

> npm config set proxy http://localhost:53128
> npm config set https-proxy http://localhost:53128
> npm config set registry https://registry.npmjs.org

7. Now npm view, npm install etc. should work. Example:

> npm view qunit
...nice answer, no errors :)

Millimicron answered 2/9, 2013 at 9:49 Comment(12)

You can start cntlm directly from the command line with net start cntlm – Exoskeleton 19/12, 2013 at 11:29

For using NTLM authorization with CNTLM, follow below instructions: 1. After step-2, run this commandline command cntlm -I -M google.co.in 2. Prompts for domain password - copy it into cntlm.ini and restart service 3. Generates following password hash Auth NTLM PassNT XXXXXXXXXXXXXXXXXXXXXXXXXX PassLM XXXXXXXXXXXXXXXXXXXXXXXXXX – Anyaanyah 17/2, 2014 at 12:27

found link where it explained in detail https://mcmap.net/q/102030/-how-to-fill-in-proxy-information-in-cntlm-config-file – Anyaanyah 18/2, 2014 at 11:12

great solution thanks, one note - on point 6 above the address url should be prefixed with http rather than https – Indochina 26/8, 2014 at 13:45

For anyone who does not like to use windows service or have information in INI file, here is another way: download a portalbe version; remove domain/username/password completely from INI file; start the tool from command line by using cntlm -c cntlm.ini -v -a ntlm -I (sure you can create a bat file to wrap it); enter your password every time you start the tool. – Helotism 13/1, 2015 at 16:36

To fix connection errors on some NTLM proxies, configure this header in Cntml : "Header Connection: close" – Propitiatory 7/5, 2015 at 9:12

if you need to debug connections or check if your config is correct, start it with cntlm -c cntlm.ini -v it will stay in the foreground (cmd line) and will give lot's of useful information. – Quartz 20/12, 2016 at 17:39

why changing the registry? what is the problem with default one(s) ? – Anabal 9/2, 2017 at 7:38

@MichalBernhard Not sure if this is the correct answer, but I noticed when the registry was set to default (https://registry.npmjs.org) npm install <pkg>@<version> would "get stuck" on an operation like: fetchMetadata: http fetch GET 304 https://registry.npmjs.org/isurl 280ms (from cache) or fetchMetadata: sill resolveWithNewModule [email protected] checking installable status. Once I changed the registry as suggested in the answer, everything worked fine. – Valenba 18/7, 2017 at 18:47

Not working in Windows 10. Getting this error:

npm ERR! code E418 npm ERR! 418 I'm a teapot - GET http://registry.npmjs.org/create-react-app - got unknown host (registry.npmjs.org:80)  npm ERR! A complete log of this run can be found in: npm ERR!     C:\Users\faizanmubasher\AppData\Roaming\npm-cache\_logs\2019-08-22T07_22_44_767Z-debug.log Install for create-react-app@latest failed with code 1

– Vocalist 22/8, 2019 at 7:29

I got the same issue as Faizan Mubasher directly above - solution found here. @Millimicron - Would suggest updating the post to set the registry to https://registry.npmjs.org. – Rexanne 27/11, 2019 at 12:51

@SteveChambers Done. Thanks. – Millimicron 27/11, 2019 at 13:14

Another alternative is to use Px for Windows which talks NTLM on your behalf like Cntlm and NTLMAps without having to provide your credentials. It uses the logged in user's credentials via SSPI.

Genia answered 19/8, 2016 at 20:5 Comment(4)

Gave this a go and it worked well- as good as CNTLM. No more hashed password management! I like it. – Baughman 22/12, 2016 at 11:17

Thx for your work on this tool! This should definitely be the answer to this thread! I was unable to make cntlm worked, my credentials were always rejected by the proxy (407). Px works like a charm! – Eckblad 13/1, 2017 at 14:32

Hell yeah! This great tool! And npm work great with px, when cntlm hangs. – Definitely 13/7, 2018 at 9:38

PX worked for me, while CNTLM didn't. PX also worked smoothly with maven, IntelliJ and JVM's in general. – Genetics 18/4, 2019 at 14:2

CNTLM answer was working for me, but with connection errors make npm unusable. I've fixed them by adding this header in CNTML.

Header      Connection: close

Propitiatory answered 7/5, 2015 at 9:14 Comment(3)

Hi Toilal, is that header needed when you do many requests via npm install because then 20 times npm stops due to network problems... will that fix the problem when you do an initial npm install after check out a repo? – Flexed 17/12, 2019 at 20:46

@Flexed seems so. (old answer, I don't have to use CNTML anymore) – Propitiatory 28/1, 2020 at 13:5

I use the python proxy px now, works much better/more stable! – Flexed 31/1, 2020 at 16:11

Rather than running CNTLM, you could instead try running Fiddler when you need to use npm. I've found this works in fairly locked down environments (e.g. investment banks). It's also a tool that is fairly easy to make a business case for (if you need to) since it's invaluable for checking/creating/altering HTTP traffic.

I've had to go this route before due to usage of smartpass authentication - i.e. we didn't actually have passwords. At those locations setting up CNTLM would have been impossible.

Exoskeleton answered 29/8, 2014 at 15:10 Comment(2)

I was having trouble getting this to work until I enabled the rule Automatically Authenticate – Thrice 8/10, 2014 at 15:34

You saved me! Thank you so much. – Vala 13/1, 2021 at 5:15

You can pass the settings as parameters:

npm --proxy=http://username:password@proxyserver:port --proxy-https=http://username:password@proxyserver:port --registry=http://registry.npmjs.org/ install whateveryouwanttoinstall

Krystalkrystalle answered 31/1, 2014 at 10:5 Comment(4)

This is Basic Authentication, not NTLM. – Millimicron 7/5, 2015 at 11:3

@kol, that's true, but the proxies that use NTLM auth, frequently, allow basic auth too. In my opinion, the issue with this method is the storage of its personal password in the NPM configuration. – Calle 30/9, 2015 at 8:52

is it not https-proxy instead of proxy-https? – Lapotin 8/1, 2018 at 12:43

I downvoted because this is basic auth, and it is NOT TRUE that most ntlm proxies also allow basic auth. This is completely up to the sysadmins to decide and not some default that is usually "true". – Genetics 16/4, 2019 at 15:11

CNTLM didn't work for me. I tried all possible combinations. NPM was giving Authentication error. Fiddler came for rescue and saved my time. It is easy to install and configure. Set Fiddler Rule to Automatically Authenticated.In .npmrc set these

registry=http://registry.npmjs.org
proxy=http://127.0.0.1:8888
https-proxy=http://127.0.0.1:8888
http-proxy=http://127.0.0.1:8888
strict-ssl=false

It worked for me :)

Another Fiddler Option:

A second way to make Fiddler act as an HTTP proxy for NTLM and other protocols is to leave the auto authenticate options/rules defaults in place and go to this setting from the menu bar:

Tools > Telerik Fiddler Options > Connections tab

Click on the Allow remote computers to connect checkbox. You will see a dialog explaining the consequences of enabling this option. Restart Fiddler and update the .npmrc file as shown above. Whenever you need npm to access the registry site just run Fiddler. This setting won't affect the way Fiddler runs for other captures.

Haws answered 29/4, 2016 at 5:1 Comment(1)

You could still use cntlm, you just need to set those proxy lines as whatever the listen port is in your cntlm.ini file. CNTLM would be necessary if you were authenticating to the proxy with credentials – Distract 16/11, 2016 at 2:22

Open your .npmrc file in C:\users\username\ folder using notepad
Add the below lines..
Replace domain, username, pwd, servername with your correct values
Try to install or get packages now

If trying from Vs2017, close and reopen VS IDE, then only it works

proxy=http://DOMAIN%5CUSERNAME:[email protected]:6050   
https-proxy=http://DOMAIN%5CUSERNAME:[email protected]:6050  
http-proxy=http://DOMAIN%5CUSERNAME:[email protected]:6050   
strict-ssl=false

Schroeder answered 16/4, 2018 at 10:2 Comment(1)

This worked for me. All I have to do is urlencode the values. My password had some special characters. – Zolly 13/8, 2018 at 6:44

CNTLM worked for me as suggested by KOL. Thanks KOL for that. Just wanted to add that there are some oddities in individual proxies because of which the password may not be acceptable when using simple cntlm -H.

Use cntlm -I -M http://test.com and copy the below config after erasing older configs and you should be through.

The output is like

---------------------------------------------------
Auth            NTLM
PassNT          8EE9B595A89F7D8774C2146FB302CBCF
PassLM          78901DA9889727EDE28EF9F2769485B9
----------------------------------------------------

Maisiemaison answered 2/6, 2016 at 5:9 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags