Puppet Class: cntlm

Defined in:: manifests/init.pp

Summary

Installs, configures, and runs the cntlm service, for NTLM authenticated proxying.

Overview

cntlm

Installs, configures, and runs the cntlm service, for NTLM authenticated proxying.

Examples:

class { 'cntlm':
    cntlm_username => 'test_user',
    cntlm_domain   => 'test_domain',
    cntlm_password => 'test_password',
    cntlm_proxy    => ['localhost:8080'],
}

Parameters:

cntlm_username (String[1]) —

The username to use for proxy authentication.
cntlm_domain (String[1]) —

The domain to use for proxy authentication.
cntlm_proxy (Array[String[1]]) —

A list of parent proxies to use in format [‘proxy_ip:proxy_port’, …]
package_manage (Boolean) (defaults to: true) —

Whether to manage the cntlm package.
package_name (String[1]) (defaults to: 'cntlm') —

Specifies the cntlm package to manage.
package_ensure (String[1]) (defaults to: 'present') —

Whether to install the cntlm package, or a specific version to install. Values: ‘present’, ‘latest’, or a specific version.
service_manage (Boolean) (defaults to: true) —

Whether to manage the cntlm service.
service_ensure (Enum['running', 'stopped']) (defaults to: 'running') —

Whether the cntlm service should be running.
service_enable (Boolean) (defaults to: true) —

Whether to enable the cntlm service at boot.
service_name (String[1]) (defaults to: 'cntlm') —

The cntlm service to manage. Default value: cntlm
service_provider (Optional[String[1]]) (defaults to: undef) —

Which service provider to use for cntlm.
cntlm_password (Optional[String[1]]) (defaults to: undef) —

The cleartext password used for proxy authentication. Other password methods are preferred.
cntlm_passlm (Optional[String[1]]) (defaults to: undef) —

The PassLM password hash used for proxy authentication.
cntlm_passnt (Optional[String[1]]) (defaults to: undef) —

The PassNT password hash used for proxy authentication.
cntlm_passntlmv2 (Optional[String[1]]) (defaults to: undef) —

The PassNTLMv2 password hash used for proxy authentication.
cntlm_workstation (Optional[String[1]]) (defaults to: undef) —

The netbios hostname cntlm will send to the parent proxies. If unset, the value is auto-guessed by cntlm.
cntlm_noproxy (Optional[Array[String[1]]]) (defaults to: ['localhost', '127.0.0.*', '10.*', '192.168.*']) —

An array of addresses that will not be passed through parent proxies. * and ? wildcards can be used.
cntlm_listen (Optional[Array[String[1]]]) (defaults to: ['3128']) —

The port(s) cntlm should listen on. Can also specify multiple specific interface(s) and port(s) to bind to, using ‘ip:port’.
cntlm_socks5proxy (Optional[Array[String[1]]]) (defaults to: undef) —

A list of interfaces and ports to bind to for SOCKS5 proxy functionality, in format [‘ip:port’, …]
cntlm_socks5user (Optional[Array[String[1]]]) (defaults to: undef) —

A list of username:password pairs for permissioning access to the SOCKS5 proxy. If unset, the SOCKS5 proxy will accept all requests.
cntlm_auth (Optional[String[1]]) (defaults to: undef) —

The authentication mode to use.
cntlm_flags (Optional[String[1]]) (defaults to: undef) —

The authentication flags to use.
cntlm_gateway (Boolean) (defaults to: false) —

Whether to allow access from other computers.
cntlm_allow (Optional[Array[String[1]]]) (defaults to: undef) —

A list of IPs/CIDR-denoted subnets to allow to connect when gateway mode is enabled.
cntlm_deny (Optional[Array[String[1]]]) (defaults to: undef) —

A list of IPs/CIDR-denoted subnets to restrict from connecting when gateway mode is enabled.
cntlm_isascannersize (Optional[Integer]) (defaults to: undef) —

The ISAScannerSize used with GFI WebMonitor.
cntlm_isascanneragent (Optional[Array[String[1]]]) (defaults to: undef) —

A list of ISAScannerAgents used with GFI WebMonitor.
cntlm_header (Optional[Array[String[1]]]) (defaults to: undef) —

A list of headers to replace if present in the request.
cntlm_tunnel (Optional[Array[String[1]]]) (defaults to: undef) —

A list of tunnels mapping local ports to machines behind the proxy.

# File 'manifests/init.pp', line 44

class cntlm (
    String[1] $cntlm_username,
    String[1] $cntlm_domain,
    Array[String[1]] $cntlm_proxy,
    Boolean $package_manage = true,
    String[1] $package_name = 'cntlm',
    String[1] $package_ensure = 'present',
    Boolean $service_manage = true,
    Enum['running', 'stopped'] $service_ensure = 'running',
    Boolean $service_enable = true,
    String[1] $service_name = 'cntlm',
    Optional[String[1]] $service_provider = undef,
    Optional[String[1]] $cntlm_password = undef,
    Optional[String[1]] $cntlm_passlm = undef,
    Optional[String[1]] $cntlm_passnt = undef,
    Optional[String[1]] $cntlm_passntlmv2 = undef,
    Optional[String[1]] $cntlm_workstation = undef,
    Optional[Array[String[1]]] $cntlm_noproxy = ['localhost', '127.0.0.*', '10.*', '192.168.*'],
    Optional[Array[String[1]]] $cntlm_listen = ['3128'],
    Optional[Array[String[1]]] $cntlm_socks5proxy = undef,
    Optional[Array[String[1]]] $cntlm_socks5user = undef,
    Optional[String[1]] $cntlm_auth = undef,
    Optional[String[1]] $cntlm_flags = undef,
    Boolean $cntlm_gateway = false,
    Optional[Array[String[1]]] $cntlm_allow = undef,
    Optional[Array[String[1]]] $cntlm_deny = undef,
    Optional[Integer] $cntlm_isascannersize = undef,
    Optional[Array[String[1]]] $cntlm_isascanneragent = undef,
    Optional[Array[String[1]]] $cntlm_header = undef,
    Optional[Array[String[1]]] $cntlm_tunnel = undef,
) {
    contain cntlm::install
    contain cntlm::config
    contain cntlm::service

    Class['::cntlm::install']
    -> Class['::cntlm::config']
    ~> Class['::cntlm::service']
}