Configuring Git on Windows to use NTLM proxy authentication

Question

I'm trying to access a repository on Github from a Windows machine that is behind a proxy that requires NTLM authentication. Neither SSH nor the git:// protocol are directly available, so I'm trying to make this work with HTTPS through the proxy.

With the help of NTLM proxy without password? I have been able to make the curl binary supplied with msysgit play nice with the proxy:

curl -U : --proxy-ntlm --proxy xxx.xxx.xx.xx:8080 https://github.com

This is successful and returns the Github home page.

However, I found an article from Feb 2010 Proxying Git that states (emphasis mine):

Unfortunately it appears that curl will always use Basic authentication with the proxy. If your proxy needs something else, perhaps NTLM for a Windows network, then you have a problem. Curl is used to handle all the http transport details and this does support the NTLM authentication method but I know of no method to pass the necessary options to curl. Git makes use of curl via its library binding so it is not enought just to replace the curl executable with a wrapper script.

I know about the core.gitproxy option in the Git configuration, but that appears to only apply to the git:// protocol. Similarly, the http.proxy option sets the address of the proxy, but provides no way to supply the appropriate options to curl.

Answer 1

Try Cntlm. It's a proxy designed to sit between a program that doesn't understand NTLM (e.g., Git) and a proxy that requires NTLM. It does the NTLM authentication so that the app doesn't have to.

I haven't used it so I don't know how well it works.

Answer 2

I used CNTLM authentication proxy (although this would most likely also work for ntlmaps) so git could work and added the http and https proxy as http:// localhost:3218. Git would take a very long time to do any remote action like fetch, pull, or clone.

The fix for this was to switch to use this instead: http:// 127.0.0.1:3218

After this was changed in the .gitconfig it worked much faster.

NB: Remove the spaces between http:// and 127.0.0.1

Ex:

[http] proxy = http:// 127.0.0.1:3128 [https] proxy = http:// 127.0.0.1:3128

Answer 3

Thanks for @richard-hansen for pointing out Cntlm. It provides a non-windows adapter for windows proxy. Very neat.

Here are the exact steps that worked for me:

1. Download and install Cntlm for windows.
2. Open Cntlm.ini (It is in the installation folder.)
3. Update username, domain. Save it.
4. Run cntlm -I -M http://google.com from command line.
5. Cntlm will ask the password you will use for the proxy server. Give it. (Most likely it is your windows password)
6. Cntlm will identify authentication method and generate a key. Pick up that result. (e.g. NTLMv2 77B9081511704EE852F94227CF48A793)
7. Update Cntlm.ini with this info. (Uncomment appropriate authentication and update the key)
8. Save and close.
9. Now you need to start Cntlm proxy server. net start cntlm
10. Now update the application with Cntlm proxy info. For Cntlm it is, 127.0.0.1:3128 (This info is in ini file. If you want it different change it there). In case of git git config --global http.proxy 127.0.0.1:3128
11. git should work fine through the proxy now.

Good luck! Elaborate steps here.