[ACCEPTED]-Does git clone work through NTLM proxies?-ntlm
Default NTLM credentials
In order to use default NTLM credentials, provide 3 an empty username and password
git config --global http.proxy https://:@proxy:port
Firewall Client for ISA Server
Instead of 2 setting proxy for git, npm, etc. you can 1 use Firewall Client for ISA Server from Microsoft. After installation:
Start > Autostart > Microsoft Firewall Client Management
Settings tab > Manual specified ISA Server > proxy:port
Web Browser tab > Uncheck "Enable web browser automatic configuration."
Git supports NTLM proxy authentication from 5 version 1.7.10 onwards, relevant commit is https://github.com/gitster/git/commit/dd6139971a18e25a5089c0f96dc80e454683ef0b
1.7.10 release notes briefly 4 mentioned it as:
* HTTP transport learned to authenticate with a proxy if needed.
I've successfully tested 3 it with the proxy at my workplace which 2 is NTLM and requires user/pass, you can 1 test yourself with following commands:
git config --global http.proxy http://user:email@example.com:port git clone http://git.videolan.org/git/bitstream.git
Cloning works for me but only over HTTP 4 (since our corporate firewall blocks the 3 ssh/git protocols):
$ export http_proxy="http://username:password@proxy:port/" $ git clone http://github.com/sunlightlabs/fiftystates_site.git fifty Initialized empty Git repository in /home/user/fifty/.git/ got e15f5192b923d8e87abaeb9406d0f4d80403da09 walk e15f5192b923d8e87abaeb9406d0f4d80403da09 got a78b792191f1cf5e961753dcfe05e9c809bdb0ed got 76e6e86e72a0f998f7663da69ca49c457a302e27 walk 76e6e86e72a0f998f7663da69ca49c457a302e27 got 35b68a3b876fb90e73ba7a7eb51432e825ef2aa3 ...
Github suggests cloning 2 via
git://github.com/... but you have to change it to
Edit: I'm 1 using git version 188.8.131.52.
Hope that helps!
AndreaG (in a comment above) has the only 17 acceptable answer to this problem that I 16 can find. It seems that Git just won't 15 work with NTLM proxies even though it really 14 should because cURL (which it uses underneath) does 13 work just fine. Why this issue can't be 12 fixed I have no idea. It seems to be 11 a fairly common issue.
The solution, in full 10 then, is to use ntlmaps to act as a proxy 9 to the proxy. All you need to do is 8 to download the latest version of the app 7 from: http://ntlmaps.sourceforge.net/
Change the config file to include 6 your authentication and proxy details and 5 then set the proxy to be your new local 4 one:
git config --global http.proxy http://localhost:5865
I can confirm that it works just fine. Not 3 only that you can use it for any app that 2 requires NTLM authentication but does not 1 provide full NTLM support.
You can also use cntlm,
A solution similar 12 to ntlmaps but written in pure C. It works 11 in the same way as ntlmaps by creating a 10 local proxy server (127.0.0.1) at a port 9 (3128 default) on your machine. This new 8 locally created proxy server does not require 7 any authentication and thus can be used 6 with any application that supports http 5 proxy. It can also create a local socks 4 proxy if you need one.
The main advantage 3 over ntlmaps which is written in python, is 2 that cntlm has very low CPU and RAM usage, typically 1 <2%.
Since this was a question I kept finding 36 on my search to make this work, I'll add 35 my answer here.
I needed to get access to 34 a github.com hosted repo working via an 33 http(s) proxy (that requires NTLM authentication) on 32 one network, and have it still work when 31 on a normal internet connection, from our 30 Mac OS X dev machines.
Here is how I made 29 it work. This won't work for every git hosting 28 provider, but I'm posting in case it helps 27 you figure this out. This is also only for 26 Mac OS X, but if you figure out how to run 25 something on network change for your system, the 24 rest should follow.
I had to use
git clone firstname.lastname@example.org:user/repo.git after setting 23 up ssh access as normal (http://help.github.com/mac-set-up-git/).
I 22 then needed to setup a local http(s) proxy 21 that handles the NTLM authentication, such 20 as ntlmaps, cntlm or Authoxy. I've tested 19 with Authoxy. I'll leave configuring this 18 to you, because you'll need to know your 17 own proxy details.
You'll also need corkscrew, which 16 is just
sudo port install corkscrew if you have MacPorts.
Then I added 15 the following to
Host github.com.disabled User git HostName ssh.github.com Port 443 ProxyCommand /opt/local/bin/corkscrew localhost 6574 %h %p
Where 6574 is the TCP 14 port I set Authoxy to listen on.
Now I created 13 a script that tries to find the http(s) proxy 12 server, and configures the ssh setup according 11 to what it finds, at
#!/bin/sh set -o nounset set -o errexit sleep 10 # allow for WiFi to actually connect. # if we can find the proxy server, then use it. if ! host proxy.internal.network; then echo "Proxy server not found, clearing http(s) proxy"; sed -i '.backup' -E 's/^Host github.com$/Host github.com.disabled/' "$HOME/.ssh/config" else echo "Proxy server found, setting http(s) proxy"; sed -i '.backup' -E 's/^Host github.com.disabled$/Host github.com/' "$HOME/.ssh/config" fi echo "Done."
Don't forget to
chmod +x /usr/local/bin/locationchanger.
Now 10 create
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>tech.inhelsinki.nl.locationchanger</string> <key>ProgramArguments</key> <array> <string>/usr/local/bin/locationchanger</string> </array> <key>WatchPaths</key> <array> <string>/Library/Preferences/SystemConfiguration</string> </array> </dict> </plist>
launchctl load ~/Library/LaunchAgents/LocationChanger.plist. This launchd job will 9 run whenever the network changes. If it 8 can find your internal network http(s) proxy 7 server, it will make ssh use corkscrew to 6 work through Authoxy, which will handle 5 working through the company proxy. If it 4 can't find the proxy server, it will disable 3 the special ssh config, and you're working 2 just like normal.
Now our team doesn't have 1 to think about network switching anymore.
git config --global http.proxyauthmethod basic
I had the same issue when git (curl) proxy 8 auth did not work. Credentials were right. Upgrade 7 to the latest git-v2.15.0 did not help.
The 6 issue was due to wrong proxy authentication 5 method chosen by git-libcurl.
The valid proxy_authmethod 4 options are defined in git source: https://github.com/git/git/blob/d0e9983980a25e0c398cc03342e5ad22ef85b8a8/http.c#L81
The proxyauthmethod 3 can be defined either through
GIT_HTTP_PROXY_AUTHMETHOD environment 2 variable or
http.proxyauthmethod git config option. Environment 1 variable overrides the config option value.
I've been using ntlmaps and been having 3 good results getting through windows/NT 2 proxies: http://ntlmaps.sourceforge.net/
The git configuration is:
git config 1 --global http.proxy http://localhost:5865
I have stumbled on a more easier and possibly 8 safer solution that works not just for git 7 but also any command based installers
- Rubygems in ruby
- npm in node
One 6 solution running all your traffic from command 5 line is proxied with authentiction.
Wont expose your password in the user:password@domain:port format
Download 4 Fiddler, It has a built in way to add authentication 3 headers to all requests.
Once running menu 2 Rules-> Automatically Authenticate (Tick 1 that)
Then for git
git config --global http.proxy http://localhost:8888 git config --global https.proxy http://localhost:8888
More Related questions