Gentoo Wiki

HOWTO_ACCESS_ISA_PROXY


This article is part of the HOWTO series.

Why?

There are many companies where the only way to get access to external networks is through a Microsoft ISA Proxy Server.

The Linux "Client"

Yes, there is software to do this on Linux, and it is available in Gentoo Portage as net-proxy/ntlmaps.

Install ntlmaps

This is very simple using Portage!

# echo "net-proxy/ntlmaps" >> /etc/portage/package.keywords
# emerge net-proxy/ntlmaps

Configure ntlmaps

Open and edit the file server.cfg

# vi /etc/ntlmaps/server.cfg
File: /etc/ntlmaps/server.cfg
[GENERAL]
# Your local port here
LISTEN_PORT:8011

# The ISA Server address; you can use an IP too.
PARENT_PROXY:isaproxy.your.internal.domain

# Your remote ISA server port
PARENT_PROXY_PORT:80

PARENT_PROXY_TIMEOUT:15

ALLOW_EXTERNAL_CLIENTS:0

FRIENDLY_IPS:

URL_LOG:0

MAX_CONNECTION_BACKLOG:20

[CLIENT_HEADER]
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*

#Yep, we don't want to count to ieka! no?
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv-1.7.10) Gecko/20050803 Firefox/1.0.6

[NTLM_AUTH]

# Optional value, if left blank then APS will use gethostname() to determine
NT_HOSTNAME:MYMACHINENAME

# Windows Domain (Short name of your domain).
# NOTE: it is not full qualified internet domain, but windows network domain.
NT_DOMAIN:DOMAIN_NAME

# What user's name to use during authorization. It may differ from the real current username.
# Use a valid account in AD, without DOMAIN_NAME
USER:AD_USERNAME
PASSWORD:1234567890

# These two options replace old FULL_NTLM option.
# NTLM authentication consists virtually of two parts: LM and NT. Windows95/98 use
# only LM part, WindowsNT/2000 can use NT and LM or just NT part.
# Almost always using just LM part will be enough. I had several reports
# about LM and NT requirement and none about just NT.
# So try to setup 1, 1 only if you have enough reasons to do so and when you understand
# what you are doing.
# 0, 0 is an illegal combination
# NOTE: if you change these options then you have to setup flag option accordingly.
LM_PART:1
NT_PART:1

# Highly experimental option. See research.txt for details.
# LM - 06820000
# NT - 05820000
# LM + NT - 07820000
NTLM_FLAGS: 07820000

#Use 0 to encrypt
NTLM_TO_BASIC:0

[DEBUG]
# Set this to 1 if you want to see debug info in many log files. One per connection.
DEBUG:0

# Set this to 1 to get even more debug info.
BIN_DEBUG:0

# Set this to 1 to see some strange activity on screen. Actually you won't want it.
SCR_DEBUG:0

# Not actually a debug option but gives you some details on authentication process
# into *.auth logs. Also see research.txt.
AUTH_DEBUG:0
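
The server.cfg above stores the AD password in clear text and has a few switches that widen exposure, so it is worth checking the file after editing it. The script below is an added example, not part of the original HOWTO or of ntlmaps: the function names and finding labels are invented here, the key names are the ones shown in the file above, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from ntlmaps): flag risky values in an ntlmaps server.cfg.
# Key names are the ones in the page's file; the finding labels are made up here.

# cfg_get FILE KEY: print the value of the first uncommented "KEY:value" line.
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, ":"); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) { print val; exit } }' "$1"
}

# audit_ntlmaps_cfg FILE: print space-separated findings (empty = nothing flagged).
audit_ntlmaps_cfg() {
    cfg=$1; findings=""
    # PASSWORD is stored in clear text, so "other" must not be able to read the file.
    if [ -n "$(cfg_get "$cfg" PASSWORD)" ] && [ -n "$(find "$cfg" -perm -004)" ]; then
        findings="$findings password-world-readable"
    fi
    # Anything but 0 lets other hosts browse through the proxy with your AD account.
    [ "$(cfg_get "$cfg" ALLOW_EXTERNAL_CLIENTS)" = "0" ] || findings="$findings external-clients"
    # The LM response is the weak half of NTLM; report when it is still being sent.
    [ "$(cfg_get "$cfg" LM_PART)" != "1" ] || findings="$findings lm-response"
    # Debug switches write per-connection and authentication detail to log files.
    for k in DEBUG BIN_DEBUG AUTH_DEBUG; do
        [ "$(cfg_get "$cfg" "$k")" != "1" ] || findings="$findings debug-$k"
    done
    echo "${findings# }"
}

# Constructed sample input: a cut-down server.cfg with placeholder credentials.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[GENERAL]
ALLOW_EXTERNAL_CLIENTS:1
[NTLM_AUTH]
USER:AD_USERNAME
PASSWORD:1234567890
LM_PART:1
[DEBUG]
DEBUG:0
AUTH_DEBUG:1
EOF
chmod 644 "$sample"
echo "findings: $(audit_ntlmaps_cfg "$sample")"
rm -f "$sample"
```

Call `audit_ntlmaps_cfg /etc/ntlmaps/server.cfg` on the real file; restricting read access to the account ntlmaps runs as clears the first finding. If you set LM_PART to 0, the file's own comments say NTLM_FLAGS has to be changed to match (05820000 for NT only), and whether the ISA server accepts that depends on your domain.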

Configure and start your new service

# rc-update add ntlmaps default
# /etc/init.d/ntlmaps start

Configure your system to sync portage

Open or create /etc/env.d/09proxy and add these lines:

File: /etc/env.d/09proxy
http_proxy="http://localhost:8011"
https_proxy="http://localhost:8011"
ftp_proxy="http://localhost:8011"
no_proxy="localhost,.isaproxy.your.internal.domain,others.intranet.machines"

Emerge-webrsync works now

Update your system environment

# env-update
# source /etc/profile

Update your portage tree

# emerge-webrsync

Now Portage and many other programs work:

# emerge any_package
# wget http://anyaddr/file.ext

Last modified: Fri, 05 Sep 2008 09:28:00 +0000 Hits: 13,822