ISA Proxy configuration for Ubuntu


Symtom: To configure ISA proxy in Ubuntu where ubuntu accepts windows authentication

Solution: There are two tools are available for authenticating ISA server.

1. NTLMAPS

2. CNTLM

Installation procedure:

Download url for NTLMAPS ubuntu oneiric: http://packages.ubuntu.com/oneiric/ntlmaps

Step 1:  dpkg –install <package name>

Step 2: Configure the program:

[HTML]
Listen port: 5865
Parent Proxy: your.proxy.com
(e.g. enter the name or address of your proxy,
do not enter the port as “your.proxy.com:number”
as this will be taken care of in the next step)
Parent Proxy Port: port_number (usually 8080)
NT Windows Domain: domain_name (your domain)
NT Windows Username: user_name (the user name you will authenticate with)
NT Windows Password: password
(the password you will use to authenticate with the
ISA Proxy)
[/HTML]

Step 3: Check the service ntlmap available /etc/init.d/ntlmaps

Step 4:  If it installed properly you should be able to see it with these commands :- ps aux | grep ntl

Step 5: To reconfigure the program $sudo dpkg-reconfigure ntlmaps

Step 6:  Create a file /etc/apt/apt.conf.d/proxy and input the following line:

Acquire::http::Proxy http://127.0.0.1:5865/;

Step 7:  Reconfigure System->Preferences->”Network Proxy” to point to localhost:5865 with _no_ authentication. Also reconfigure your GUI Package managers similarly.

Step 8: restart the system and check

Also check in the export environment.

Check if the proxy setting have been updated properly.

$ export | grep proxy

You should see something exactly like this:
Code:

$declare -x ftp_proxy=”ftp://127.0.0.1:5865/
$declare -x http_proxy=”http://127.0.0.1:5865/
$declare -x https_proxy=”https://127.0.0.1:5865/

also check your etc/apt/apt.conf file to see if the proxyies have been changed to 127.0.0.1:5865

Now test to see if wget works from a command line

$wget www.google.com

It should display that it is checking 127.0.0.1:5865, and download the correct file.
If it fails then something is wrong with NTLMaps setup.

Your Synaptic Package manager should be working correclty now as well.

Ref url : http://www.linuxquestions.org/linux/answers/Networking/HOWTO_Install_and_Configure_NTLMaps_for_use_with_an_ISA_Proxy

http://ubuntuforums.org/showthread.php?t=1285745

Installation procedure for CNTLM

Step 1: download the application from the url  http://ftp.awk.cz/cntlm/

Step 2: dpkg -i <package name>

Step 3:  Edit /etc/cntlm.conf file to have following information.
———————————————————————————-

Username username
Domain domainname
Password password
Proxy **proxy server IP**:8080
Listen 3128

Step4: Set my username ,domain, password

$cntlm -I -M http://test.com

It asked password.I entered my password.The following lines appeared:

Config profile 1/4… OK (HTTP code: 302)

—————————-[ Profile 0 ]——

Auth NTLMv2 PassNTLMv2 90BA1F766F17FF732ACB9B48BC65E93E

Step 5: Check the service cntlm by /etc/init.d/cntlm status

Step 6:  Create a file /etc/apt/apt.conf.d/proxy and input the following line

Acquire::http::Proxy http://127.0.0.1:3128

Step 7: Restart the system and check.

Ref url : http://askubuntu.com/questions/23666/apt-get-does-not-work-with-proxy

http://askubuntu.com/questions/86149/error-in-authenticating-cntlm-for-ubuntu-11-10

Update :

Error scenario: I configured cntlm in Ubuntu for the connectivity to ISA proxy server.

My network administrator restarted the ISA proxy server, after that I can able to browse and unable to do sudo apt-get.

I am getting an error message “

  1. 502 Parent proxy unreachable
  2. Connection to proxy failed, bailing out when I do cntlm –M http://google.com

 

Root cause: My Ubuntu machine unable to contact Proxy server, since it is in different segment.

502 Bad Gateway – The server was acting as a gateway or proxy and received an invalid response from the upstream server

Solution: please do route add to enable access to the proxy server network segment.

Eg. $ sudo route add –net  xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx etho  (or)

$ sudo route add –net  xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx gw xxx.xxx.xxx.xxx

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: