How to Install and Configure Cntlm Proxy on Linux and Windows

Installation

On Debian‑based systems install cntlm with the package manager: sudo apt install cntlm On other Linux distributions the process is similar. Cntlm is also available for Windows and can be installed via choco:

choco install cntlm

Configuration

After installation the default configuration file is /etc/cntlm.conf. Edit it to set your credentials and proxy information. A minimal example:

Username    USERNAME
Domain      COMPANY_DOMAIN
Password    ********

Proxy       proxy.company.com:8080
Proxy       proxy2.company.com:8080

NoProxy     localhost, 127.0.0.*, 10.*, 192.168.*, .company.com

Listen      3128

Note: Replace USERNAME, DOMAIN, and proxy addresses with values that match your environment. If you obtain the NTLM hash in the next step, the Password line can be omitted.

To allow other machines to use the proxy, add Gateway yes to the file. Gateway yes You can also restrict external access with Allow and Deny lists:

Allow       127.0.0.1
Deny        0/0

Obtaining Auth

After editing the configuration, run cntlm in verbose mode to retrieve the NTLM hashes:

sudo cntlm -vc /etc/cntlm.conf -M http://baidu.com

The output includes PassNT and PassLM values.

Adding Auth to Configuration

Insert the retrieved hashes into /etc/cntlm.conf:

Auth            NTLM
PassNT          7FA051B4B85F0E7EEBB24D3CD73E52B9
PassLM          23A1E1A7276E84EA4846D4C9FF957C31

Reload or Restart

When installed from a package, cntlm is managed by systemd and starts on boot. Reload the service to apply changes: sudo systemctl reload cntlm If reloading does not take effect, restart the service:

sudo systemctl restart cntlm