HOWTO ACCESS ISA PROXY
From Gentoo Linux Wiki
Why?
There are many companies where the only way to get access to external networks is through a Microsoft ISA Proxy Server.
The Linux "Client"
Yes, there is software to do this on Linux, and it is available in Gentoo Portage as net-proxy/ntlmaps.
Install ntlmaps
This is very simple using Portage:
# echo "net-proxy/ntlmaps" >> /etc/portage/package.keywords
# emerge net-proxy/ntlmaps
Configure ntlmaps
Open and edit the file server.cfg:
# vi /etc/ntlmaps/server.cfg
File: /etc/ntlmaps/server.cfg
[GENERAL]
# Your local port here
LISTEN_PORT:8011
# The ISA server address; you can use an IP too.
PARENT_PROXY:isaproxy.your.internal.domain
# Your remote ISA server port
PARENT_PROXY_PORT:80
PARENT_PROXY_TIMEOUT:15
ALLOW_EXTERNAL_CLIENTS:0
FRIENDLY_IPS:
URL_LOG:0
MAX_CONNECTION_BACKLOG:20

[CLIENT_HEADER]
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
# Yeap, we don't want count to ieka! no?
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv-1.7.10) Gecko/20050803 Firefox/1.0.6

[NTLM_AUTH]
# Optional value, if left blank then APS will use gethostname() to determine
NT_HOSTNAME:MYMACHINENAME
# Windows Domain (short name of your domain).
# NOTE: it is not the fully qualified internet domain, but the Windows network domain.
NT_DOMAIN:DOMAIN_NAME
# What user's name to use during authorization. It may differ from the real current username.
# Use a valid account in AD, without DOMAIN_NAME
USER:AD_USERNAME
PASSWORD:1234567890
# These two options replace the old FULL_NTLM option.
# NTLM authentication consists virtually of two parts: LM and NT. Windows95/98 use
# only the LM part, WindowsNT/2000 can use NT and LM or just the NT part.
# Almost always using just the LM part will be enough. I had several reports
# about LM and NT requirement and none about just NT.
# So try to set 1, 1 only if you have enough reasons to do so and when you understand
# what you are doing.
# 0, 0 is an illegal combination
# NOTE: if you change these options then you have to set the flag option accordingly.
LM_PART:1
NT_PART:1
# Highly experimental option. See research.txt for details.
# LM - 06820000
# NT - 05820000
# LM + NT - 07820000
NTLM_FLAGS: 07820000
# Use 0 to encrypt
NTLM_TO_BASIC:0

[DEBUG]
# Set this to 1 if you want to see debug info in many log files. One per connection.
DEBUG:0
# Set this to 1 to get even more debug info.
BIN_DEBUG:0
# Set this to 1 to see some strange activity on screen. Actually you won't want it.
SCR_DEBUG:0
# Not actually a debug option but gives you some details on authentication process
# into *.auth logs. Also see research.txt.
AUTH_DEBUG:0
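The server.cfg above stores the AD password in cleartext and has options that let other hosts use the proxy, send the LM response, and write authentication details to logs. The following Python check for those settings is an added example, not part of ntlmaps or the original page; the function names, the choice of checks and the sample config are this example's own assumptions.

```python
import os
import stat

# Constructed sample: keys as in the server.cfg above, AUTH_DEBUG flipped to 1 for the demo.
SAMPLE_CFG = """[GENERAL]
ALLOW_EXTERNAL_CLIENTS:0
FRIENDLY_IPS:
[NTLM_AUTH]
PASSWORD:1234567890
LM_PART:1
[DEBUG]
DEBUG:0
AUTH_DEBUG:1
"""

def parse_cfg(text):
    """Parse the '[SECTION]' / 'KEY:VALUE' format into {section: {key: value}}."""
    cfg, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = cfg.setdefault(line[1:-1], {})
        elif section is not None and ":" in line and not line.startswith("#"):
            key, value = line.split(":", 1)  # split once: values may contain ':'
            section[key.strip()] = value.strip()
    return cfg

def audit(text, mode):
    """Return findings for config `text` stored with permission bits `mode`."""
    cfg = parse_cfg(text)
    general, auth = cfg.get("GENERAL", {}), cfg.get("NTLM_AUTH", {})
    findings = []
    if auth.get("PASSWORD") and mode & stat.S_IROTH:
        findings.append("cleartext PASSWORD is world-readable (mode %04o)" % mode)
    if general.get("ALLOW_EXTERNAL_CLIENTS", "0") != "0" or general.get("FRIENDLY_IPS"):
        findings.append("remote hosts may proxy with this account's credentials")
    if auth.get("LM_PART") == "1":
        findings.append("LM_PART:1 sends the weak LM response")
    for key, value in cfg.get("DEBUG", {}).items():
        if value == "1":
            findings.append("%s is on: logs may contain authentication data" % key)
    return findings

def audit_file(path):
    """Audit a file on disk, e.g. /etc/ntlmaps/server.cfg, using its real mode."""
    with open(path) as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CFG, 0o644)) or "no findings")
```

To check the installed file, call audit_file("/etc/ntlmaps/server.cfg") as a user that can read it.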
Configure and start your new service
# rc-update add ntlmaps default
# /etc/init.d/ntlmaps start
Configure your system to sync portage
Open or create /etc/env.d/09proxy and add these lines:
File: /etc/env.d/09proxy
http_proxy="http://localhost:8011"
https_proxy="http://localhost:8011"
ftp_proxy="http://localhost:8011"
no_proxy="localhost,.isaproxy.your.internal.domain, others.intranet.machines"
Emerge-webrsync works now
Update your system environment
# env-update
# source /etc/profile
Update your portage tree
# emerge-webrsync
Portage and many other programs now work
# emerge any_package
# wget http://anyaddr/file.ext
