Eclipse through Ntlm proxy using cntlm

Summary

Latest Eclipse version (LUNA, MARS) are not always able to access internet through an NTLM proxy.

This makes updating Eclipse or installing a new feature pretty impossible.

When the web proxy requires NTLM authentication, Eclipse fails to connect and returns a authentication
error message even with various configurations:
– using native proxy support fails
– using manual settings (and providing my Windows domain, username, password) fails.

Typical error:

Some sites could not be found.  See the error log for more detail.
HTTP Proxy Authentication Required:<a href="http://download.eclipse.org/releases/mars/content.xml">http://download.eclipse.org/releases/mars/content.xml</a>
Proxy Authentication Required
HTTP Proxy Authentication Required:<a href="http://download.eclipse.org/eclipse/updates/4.5/content.xml">http://download.eclipse.org/eclipse/updates/4.5/content.xml</a>
Proxy Authentication Required
HTTP Proxy Authentication Required:<a href="http://download.eclipse.org/webtools/repository/mars/content.xml">http://download.eclipse.org/webtools/repository/mars/content.xml</a>
Proxy Authentication Required
HTTP Proxy Authentication Required:<a href="http://download.eclipse.org/mylyn/releases/mars/content.xml">http://download.eclipse.org/mylyn/releases/mars/content.xml</a>
Proxy Authentication Required

In preceding versions, I was able to make Eclipse work by using options in the ‘Eclipse.ini’ file but this do not work anymore.

Another workaround consist to replace the version of HTTPClient library of eclipse (either direcly by changing a jar or by installing – offline- a custom plugin that does it for us. I would not recommend this solution. It helps first later conflicts with updates or additional package.

Bug references here:
– Bug ID + link

Using CNTML as a local proxy

CNTML ([http://cntlm.sourceforge.net/])is a small local proxy, that is able to authenticate you against the Enterprise NTLM proxy once for all and forward your requests without additional authentication.

It appears that Ecplise is ablte to traverse an NTLM proxy but not to authenticate against it.

I deploy CNTML on a local machine, provide it with my NTLM crendentials and the target enterprise proxy.
– CNTML is started and listen to localhost:3128
– Eclipse is configured to send traffic to localhost:3128
– CNTML authenticate against corporateProxy:3128
– CNTML forwards requests to corporateProxy:3128
– … Eclipse gets the response.

CNTML setup

Plenty of detailled examples through the web, see [http://stormpoopersmith.com/2012/03/20/using-applications-behind-a-corporate-proxy/] for windows.

A summary:

  • DL/Install CNTML
  • Update cntlm.ini (or /etc/cntml.conf)
      * Add target proxy + port
      * Restrict to localhost
      * update username, domain , do not provide clear password there (exept for test)

  • run cntlm -c cntlm.ini -I -M <a href="http://google.com/">http://google.com</a> to be prompted for password

  • cntml return hashed password, store it to cntml.ini

sample CNTLM sartup bat

Use the following bat file if cannot setup a service.

set cntlmexe=C:\apps\cntlm-0.92.3\cntlm.exe
set cntlmconf=C:\apps\cntlm-0.92.3\cntlm.ini

REM ------------- start normally and verbose
%cntlmexe% -v -c %cntlmconf%

REM ------------- start with password prompt to produce a hash
REM %cntlmexe% -v -I -H -c %cntlmconf%

REM ------------- start with password prompt to test
REM %cntlmexe% -I -c %cntlmconf% -M<a href="http://www.google.com/">http://www.google.com</a>
pause

Configure Eclipse to use local proxy

Set up Eclipse to use localhost:3128 as a proxy.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.