|
1
|
#
|
|
2
|
# Cntlm Authentication Proxy Configuration
|
|
3
|
#
|
|
4
|
# NOTE: all values are parsed literally, do NOT escape spaces,
|
|
5
|
# do not quote. Use 0600 perms if you use plaintext password.
|
|
6
|
#
|
|
7
|
|
|
8
|
#Username testuser
|
|
9
|
Domain %%nom_domaine_smb
|
|
10
|
#Password password # Use hashes instead (-H)
|
|
11
|
#Workstation netbios_hostname # Should be auto-guessed
|
|
12
|
|
|
13
|
%for %%num_int in range(1, %%int(%%nombre_interfaces))
|
|
14
|
%set %%proxy_link = 'adresse_ip_eth' + %%str(%%num_int) + '_proxy_link'
|
|
15
|
%if %%is_defined(%%proxy_link) and not %%is_empty(%%getVar(%%proxy_link))
|
|
16
|
Proxy %%getVar(%%proxy_link):3128
|
|
17
|
%end if
|
|
18
|
%end for
|
|
19
|
#
|
|
20
|
# This is the port number where Cntlm will listen
|
|
21
|
#
|
|
22
|
Listen 3127
|
|
23
|
|
|
24
|
#
|
|
25
|
# If you wish to use the SOCKS5 proxy feature as well, uncomment
|
|
26
|
# the following option, SOCKS5. It can be used several times
|
|
27
|
# to have SOCKS5 on more than one port or on different network
|
|
28
|
# interfaces (specify explicit source address for that).
|
|
29
|
#
|
|
30
|
# WARNING: The service accepts all requests, unless you use
|
|
31
|
# SOCKS5User and make authentication mandatory. SOCKS5User
|
|
32
|
# can be used repeatedly for a whole bunch of individual accounts.
|
|
33
|
#
|
|
34
|
#SOCKS5Proxy 8010
|
|
35
|
#SOCKS5User dave:password
|
|
36
|
|
|
37
|
#
|
|
38
|
# Use -M first to detect the best NTLM settings for your proxy.
|
|
39
|
# Default is to use the only secure hash, NTLMv2, but it is not
|
|
40
|
# as available as the older stuff.
|
|
41
|
#
|
|
42
|
# This example is the most universal setup known to man, but it
|
|
43
|
# uses the weakest hash ever. I won't have it's usage on my
|
|
44
|
# conscience. :) Really, try -M first.
|
|
45
|
#
|
|
46
|
Auth LM
|
|
47
|
#Flags 0x06820000
|
|
48
|
|
|
49
|
#
|
|
50
|
# Enable to allow access from other computers
|
|
51
|
|
|
52
|
Gateway yes
|
|
53
|
|
|
54
|
NTLMToBasic yes
|
|
55
|
|
|
56
|
#
|
|
57
|
# Useful in Gateway mode to allow/restrict certain IPs
|
|
58
|
#
|
|
59
|
#Allow 127.0.0.1
|
|
60
|
#Deny 0/0
|
|
61
|
|
|
62
|
#
|
|
63
|
# GFI WebMonitor-handling plugin parameters, disabled by default
|
|
64
|
#
|
|
65
|
#ISAScannerSize 1024
|
|
66
|
#ISAScannerAgent Wget/
|
|
67
|
#ISAScannerAgent APT-HTTP/
|
|
68
|
#ISAScannerAgent Yum/
|
|
69
|
|
|
70
|
#
|
|
71
|
# Headers which should be replaced if present in the request
|
|
72
|
#
|
|
73
|
#Header User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
|
|
74
|
|
|
75
|
#
|
|
76
|
# Tunnels mapping local port to a machine behind the proxy
|
|
77
|
#
|
|
78
|
#Tunnel 11443:remote.com:443
|
|
79
|
|