My notebook uses MacOS, and already set up http(s) proxy inside the Network Preferences, but always failed to install any packages when running npm install in the terminal, it popped up the error 407 Proxy Authentication Required.
So I installed the cntlm and applied the correct configuration.
Below is the test and it seems pass (return HTTP Code 200):
cntlm -c /usr/local/etc/cntlm.conf -I -M http://registry.npmjs.org/vue
Password:
Config profile 1/4... OK (HTTP code: 200)
----------------------------[ Profile 0 ]------
Auth NTLMv2
PassNTLMv2 28B089518C6573274C6B9D83D0XXXXXX
When I ran npm i vue-cli -g, cntlm did receive the request as below:
cntlm -c /usr/local/etc/cntlm.conf -f
Oct 15 15:12:29 cntlm[17646] <Info>: Cntlm ready, staying in the foreground
Oct 15 15:12:38 cntlm[17646] <Info>: Using proxy company-proxy:80
Oct 15 15:12:38 cntlm[17646] <Debug>: 127.0.0.1 GET http://registry.npmjs.org/nexe
But nodejs threw out below exceptions:
npm i vue-cli -g
npm ERR! code E407
npm ERR! 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ): vue-cli#latest
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/****/.npm/_logs/2018-10-15T23_13_47_019Z-debug.log
It confused me: because the test is PASS, but why the cntlm still failed to connect to npmjs.org?
Finally find out the solution:
don't use plain text password ( add one # at the beginning of the Password line, like change Password XXX to #Password XXX)
use PassLM, PassNT, PassNTLMv2 instead (it seems hash values will prevent from auth handshake mechanism again, which should mean you are on behalf of the applications with logged in Windows user account).
The default cntlm configuration file already introduces the steps how to generate them.
My steps are as below:
execute cntlm -H -d your_domain -u your_username
then it prompts password, fill in your password then hit Enter:
The output will be like below:
Password:
PassLM F5314AF8A2DB16BDB7EE9FA6CFC5BC9A
PassNT 4EC02E0D65F8F0C1A9386C69CB6A2555
PassNTLMv2 28B089518C6573274C6B9D83D0EB8651
paste above hash values to the relevant fields in the configuration file.
save then restart cntlm, it works.
Related
What I want to achieve:
I want to create private/local npm package repository using couchdb. It should allow me and other users to first, set registry
-npm set registry http://localhost:5984/registry and then to be able to make npm login and npm adduser or at least to login with predefined user.
Problem:
I'm not able to make npm login or npm adduser so that user is registered and allowed to publish/install packages. If I create the user in the _users database and give him permission to a registry database, npm login / npm adduser will fail with 401 Unauthorized - PUT http://localhost:5984/registry/-/user/org.couchdb.user:npm - unauthorized , same will happen if I dont create user first and try to create one with npm adduser.
What am I missing? How can I make that npm login / npm adduser work with my couchdb registry database?
NOTE: I am aware of some other solutions like verdaccio, but I do not want to use it.
What I managed to do:
I created couchdb with private-registry database, it is accessible via browser or simple curl requests. It works if I make my own _auth encoding. Basically this:
echo -n "username:password" | base64. And then update my .npmrc file with something like this:
//localhost:5984/registry/:_auth="dGVzdDp0ZXN0". After that I can normally publish/install packages to/from my local registry. But this is not solution I like because it requires some extra manual steps to update .npmrc.
versions:
npm: 9.5.0
couchdb:latest, 3, 3.3, 3.3.1
I've tried all these answers, but none of them work.
I have the proxy configured in the .gitconfig file too, but this is working, and in npm, when I'm trying to install or publish a package, I get the error;
407 Proxy Authentication Required - GET https://registry.npmjs.org/mocha
or
407 Proxy Authentication Required - PUT https://registry.npmjs.org/my-packaje
.npmrc file:
proxy=http://user:password#proxy:8080/
Without username and password it works:
proxy=http://proxy:8080/
I am trying to run node.js but cannot install any packages as npm is blocked. I have tried the solutions here: How to fill in proxy information in cntlm config file?, and here: NPM behind NTLM proxy and still received errors. I have tripled checked that I have followed the instructions and my ini has the same configuration as the instructions.
My next step is to ask the security team to allow npm access through the firewall, but I cannot see any documentation about this. What do I need to tell the security team?
Note: I am aware of npm Enterprise but I think before I get to that step I need to get established with npm.
Yeah, in your simplest case all you need to do is one of these
npm config set proxy http://company.com:8000
or
npm config set https-proxy http://company.com:8000
where http://company.com:8000 is your proxy server and port
(note the - dash, not _ underscore)
Also can you test access to http://registry.npmjs.org the npm registry from that machine.
Additionally your package.json also contains dependencies that require the pulling of a git repository code. You may (most likely will) need to configure git to use a proxy as well.
If you come here searching for an iptables rule:
If you want to allow only npm traffic for a certain user, the following might work:
iptables -I OUTPUT 1 -p tcp -m owner --uid-owner <username> -d registry.npmjs.org --dport 443 -j ACCEPT
I am trying to install bower
npm install -g bower
but am getting an authentication error from our proxy
...
npm http 407 http://registry.npmjs.org/bower
...
Error Code: 407 Proxy Authentication Required.
...
I am trying to get npm working behind a corprate proxy. I think our proxy is a little weird because the only way I was able to get maven downloading packages was to add wagon-http-lightweight.jar as a maven extension.
http://maven.apache.org/wagon/wagon-providers/wagon-http-lightweight/
I have tried all the regular things as described here:
Is there a way to make npm install (the command) to work behind proxy?
(I don't need to supply authentication details in my maven proxy settings).
npm config set registry http://registry.npmjs.org/
npm config set proxy http://myusername:mypassword#proxy.us.somecompany:8080
npm config set https-proxy http://myusername:mypassword#proxy.us.somecompany:8080
npm config set strict-ssl false
What else can I try?
Can try this....working for me.
Open IE (Chrome did not work for me).
Hit the URL http://registry.npmjs.org
it will download json output if successful.
Now go back to command prompt and try npm install.
I was able to get this working by installing a local proxy:
NPM behind NTLM proxy
Use fiddler http://www.telerik.com/fiddler
Install and run and that's it, everything will run as it is supposed to. I spent half a day cracking my head on this
Edit: I honestly have no idea if it was fiddler or something else I tried that fixed it (it is mostly the latter) but you should try setting registry, http-proxy, proxy and strict-ssl
When authentication is required for the HTTP proxy:
Fiddler can be configured to authenticate with the corporate HTTP proxy using NTLM or other protocols. Leave the existing auto authenticate options/rules defaults in place. Instead, go to this setting from the menu bar:
Tools > Telerik Fiddler Options > Connections tab
Click on the Allow remote computers to connect checkbox. You will see a dialog explaining the consequences of enabling this option. Restart Fiddler and update the .npmrc file as shown above. Whenever you need npm to access the registry site just run Fiddler. This setting won't affect the way Fiddler runs for other captures.
I have the same issue.
The root cause is my password contains a special character '#', when I npm set config proxy, the character become '#' in .npmrc file, so I change my password to remove the special character and it's working fine.
If your password does not contains special characters, just use syntax command below, it will work.
npm config set strict-ssl=false
npm config set proxy http://<username>:<password>#<proxy-server-url>:<port>
npm config set https-proxy http://<username>:<password>#<proxy-server-url>:<port>
Thanks,
Is it possible to run npm install behind an HTTP proxy, which uses NTLM authentication? If yes, how can I set the server's address and port, the username, and the password?
I solved it this way (OS: Windows XP SP3):
1. Download CNTLM installer and run it.
2. Find and fill in these fields in cntlm.ini. Do not fill in the Password field, it's never a good idea to store unencrypted passwords in text files.
Username YOUR_USERNAME
Domain YOUR_DOMAIN
Proxy YOUR_PROXY_IP:PORT
Listen 53128
3. Open console, and type these commands to generate password hashes.
> cd c:\the_install_directory_of_cntlm
> cntlm -H
Password: ...type proxy password here...
PassLM D6888AC8AE0EEE294D954420463215AE
PassNT 0E1FAED265D32EBBFB15F410D27994B2
PassNTLMv2 91E810C86B3FD1BD14342F945ED42CD6
4. Copy the above three lines into cntlm.ini, under the Domain field's line. Once more, do not fill in the Password field. Save cntlm.ini.
5. Open the Service Manager (from command line: services.msc), and start the service called "CNTLM Authentication Proxy".
6. In the console, type these lines:
> npm config set proxy http://localhost:53128
> npm config set https-proxy http://localhost:53128
> npm config set registry https://registry.npmjs.org
7. Now npm view, npm install etc. should work. Example:
> npm view qunit
...nice answer, no errors :)
CNTLM answer was working for me, but with connection errors make npm unusable. I've fixed them by adding this header in CNTML.
Header Connection: close
Another alternative is to use Px for Windows which talks NTLM on your behalf like Cntlm and NTLMAps without having to provide your credentials. It uses the logged in user's credentials via SSPI.
Rather than running CNTLM, you could instead try running Fiddler when you need to use npm. I've found this works in fairly locked down environments (e.g. investment banks). It's also a tool that is fairly easy to make a business case for (if you need to) since it's invaluable for checking/creating/altering HTTP traffic.
I've had to go this route before due to usage of smartpass authentication - i.e. we didn't actually have passwords. At those locations setting up CNTLM would have been impossible.
You can pass the settings as parameters:
npm --proxy=http://username:password#proxyserver:port --proxy-https=http://username:password#proxyserver:port --registry=http://registry.npmjs.org/ install whateveryouwanttoinstall
CNTLM didn't work for me. I tried all possible combinations. NPM was giving Authentication error. Fiddler came for rescue and saved my time. It is easy to install and configure. Set Fiddler Rule to Automatically Authenticated.In .npmrc set these
registry=http://registry.npmjs.org
proxy=http://127.0.0.1:8888
https-proxy=http://127.0.0.1:8888
http-proxy=http://127.0.0.1:8888
strict-ssl=false
It worked for me :)
Another Fiddler Option:
A second way to make Fiddler act as an HTTP proxy for NTLM and other protocols is to leave the auto authenticate options/rules defaults in place and go to this setting from the menu bar:
Tools > Telerik Fiddler Options > Connections tab
Click on the Allow remote computers to connect checkbox. You will see a dialog explaining the consequences of enabling this option. Restart Fiddler and update the .npmrc file as shown above. Whenever you need npm to access the registry site just run Fiddler. This setting won't affect the way Fiddler runs for other captures.
Open your .npmrc file in C:\users\username\ folder using notepad
Add the below lines..
Replace domain, username, pwd, servername with your correct values
Try to install or get packages now
If trying from Vs2017, close and reopen VS IDE, then only it works
proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
https-proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
http-proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
strict-ssl=false
CNTLM worked for me as suggested by KOL. Thanks KOL for that. Just wanted to add that there are some oddities in individual proxies because of which the password may not be acceptable when using simple cntlm -H.
Use cntlm -I -M http://test.com and copy the below config after erasing older configs and you should be through.
The output is like
---------------------------------------------------
Auth NTLM
PassNT 8EE9B595A89F7D8774C2146FB302CBCF
PassLM 78901DA9889727EDE28EF9F2769485B9
----------------------------------------------------