apt-get behind NTLM proxy

apt-get seems to not want to work when sat behind a proxy server that uses NTLM authentication.

For configuration of yum see here

To get apt-get to work you must pass it through another proxy that passes the credentials properly

This is done via cntlm

Download the relevant package and install in the normal way.

For debian dpkg -i package_name

Details of the software can be found here but the basic setup is as such

We configure cntlm to listen on a port on the local server, this then passes the credential to the proxy server with the correct credentials.

We then configure apt-get to use the local server proxy.  All will be come clear when you look at the install instructions.

To start

configure the following file with an editor.  remember to sudo if you are not root.

vi /etc/cntlm.conf

Change the following entries





Add the proxy server address of your network

Proxy                                   x.x.x.x:port number

Note that if you proxy listens on port 80 you must put port 80 in the port number

Change the port number

Listen          I set mine to port 8000 but you can set it to anything

To test if everything is ok

cntlm -T cntlm.txt -v -f -s

Read the file to determine if the proxy is OK to start on the port selected

cat cntlm.txt

It will have an error if the listener can not be started

You will have to remove the file if you wish to rerun the command again

If you need to stop and start the proxy then

./etc/inid.d/cntlm stop

./etc/inid.d/cntlm start

Now we have to configure apt-get to use this proxy

cd /etc/apt

vi apt.conf

and the following line (this is based on that you choose port 8000 for the listening port)

Acquire::http::Proxy “”;

There have been some issues with header files waiting add the following file

vi /etc/apt/apt.conf.d/piplining-off.conf

Add the following line

Acquire::http::Pipeline-Depth “0”;

Try to run apt-get update, this should now work.

If it fails remeber to start cntlm as per the instructions above.

To get wget working, you must point the proxy at the cntlm configuration

export http_proxy=http://<user>:<password>@<proxy-server-ip>:<port>
export ftp_proxy=http://<user>:<password>@<proxy-server-ip>:<port>

Therefore to get this working the command would be


export http_proxy=http://localhost:8080

This can be added to the /~ .bashrc file so that this command does not have to be issued



5 Comments on “apt-get behind NTLM proxy”

  1. […] update behind NTLM proxy by survivalguides on August 13, 2010 Please see here for the software to download for this to work and an outline of how to configure the […]

  2. pierre says:

    thanx got it working

  3. Pierre says:

    Thank you SO MUCH for this post. It’s working perfectly !!

  4. Jan says:

    On Debian 7 Wheezy you need to put this in /etc/apt/apt.conf.d/70debconf

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s