How to configure for an Authenticating Proxy Server

Tags: active-directory, authentication, domain, http-proxy, proxy

My work proxy server requires authentication with the Microsoft AD domain user credentials. Everybody knows how it works: If you log in on a Windows workstation, your "Internet Explorer" browser based internet access requests are automatically authenticated (and identified) using your domain login credentials.

I found that Firefox can also authenticate against these proxy servers and long assumed that they "do something special". Recently a colleague installed Linux Mint in a VM and to my surprise he was busy getting updates from the internet. When I asked how he got it to work he shrugged and said "It just worked".

This prompted me to re-look at the proxy settings. I run Kubuntu (with a mix of G* and K* applications, but I only use the GTK applications when I'm convinced that they are much better than anything K*)

I do still have a copy of Windows guest running in a VirtualBox VM, mainly for printing and for accessing internal/corporate web sites (which both require authentication and identification via MS domain credentials) as well as for changing my domain password every so many days.

So it would be very helpful if I could get [some/most/all] of my Linux applications to work via the proxy server. My most urgent needs are for Akregator and Muon to be able to work. Other applications that may benefit are some apps that auto-update (e.g. Virtual Box Extensions) or wrap themselves around a browser (Get More Themes/Wall Papers/etc. comes to mind, and the occasional use of wget).

SSH/SCP clients manage to work via the firewall without authentication.

What is the right way (tool and/or procedure) to configure this, ideally in a single location because having to maintain my password in multiple locations is a recipe for getting locked out of my account :-/

Oh, and it would be a dream come true if I could have the equivalent to the Firefox "Quick Proxy" proxy disable/enable utility, e.g. one click to enable or disable the use of proxy, without having to log out and back in, depending on what network I'm on. Actually thinking about it, a utility should be trainable to look at your IP address and know when you need to use the proxy! But I digress.

I imagine running a local proxy server which can dynamically add the authentication and forward to an upstream proxy server when needed may be the only real solution.

Best Answer

From my Linux workstation, the only applications that can access the internet are a) Firefox (using its own proxy configuration and authentication stored in Firefox), as well as applications running in a Windows VM (Note - the Windows VM is a domain member and the user authenticates against the domain when logging in)

Solution option: Run a web proxy on your Windows VM. Set up your system to use that instance as your proxy.

Since your Windows VM is already authenticated and traffic is allowed through it, setting up a SOCKS proxy on that VM instance will centralize your authentication needs. If it is just for you and your boxes, this should be fine and is probably fairly straightforward.

Piggybacking on this idea is to get an SSHD daemon running on the Windows VM so you can do things like SSH SOCKS tunnels from your other boxes through the VM:

ssh -D 1080 windows-user@windows-vm

For those apps that may have problems or where you don't want to reconfigure the apps, you can make use of sshtunnel, which will set up iptables rules to route traffic. Works for Linux and Mac systems.

If you need to avoid installing a proxy on the Windows VM itself, you can set up a Squid proxy box configured to authenticate itself against the Windows AD. A guide on doing that is located here:

Solution option: Squid Proxy Authenticated via AD/NTLM

http://techmiso.com/1934/howto-install-squid-web-proxy-server-with-active-directory-authentication/ (dead link)

Another NTLM proxy solution, though I think this one actually runs on a Windows machine:

Solution option: NTLM proxy http://cntlm.sourceforge.net/
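
The network-aware proxy toggle the question asks for, combined with the `ssh -D 1080` tunnel from the answer, as an added example that is not part of the original question or answer. The subnet, the function names and the use of `all_proxy` (honoured by clients such as curl) are assumptions; no domain password appears in any environment variable, so the credentials stay in one place (the Windows VM session).

```shell
#!/bin/sh
# Added example: names and values below are assumptions, not from the page.
CORP_CIDR="10.20.0.0/16"                 # constructed corporate subnet
LOCAL_PROXY="socks5h://127.0.0.1:1080"   # local end of: ssh -D 1080 windows-user@windows-vm

# Print a dotted-quad IPv4 address as a 32-bit integer; fail on malformed input.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # reject octal-looking or oversized octets
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed when address $1 lies inside CIDR block $2 (e.g. 10.20.0.0/16).
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    ip_i=$(ip_to_int "$1") || return 1
    net_i=$(ip_to_int "$net") || return 1
    [ "$bits" -ge 0 ] 2>/dev/null && [ "$bits" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip_i & mask )) -eq $(( net_i & mask )) ]
}

# Emit shell statements that switch the proxy on inside the corporate subnet
# and off everywhere else. Only constants are printed, never the input, so the
# output is safe to eval even if the address string is malformed.
proxy_env_for_ip() {
    if in_cidr "$1" "$CORP_CIDR"; then
        printf 'export all_proxy=%s\n' "$LOCAL_PROXY"
        printf 'export no_proxy=%s\n' "localhost,127.0.0.1"
    else
        printf 'unset all_proxy no_proxy\n'
    fi
}

# Typical use from a shell profile or a launcher script (Linux):
#   eval "$(proxy_env_for_ip "$(hostname -I | awk '{print $1}')")"
```

By default `ssh -D 1080` listens on the loopback address only, so the authenticated tunnel is not offered to other hosts on the network.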
