Find the answer to your Linux question:
Page 2 of 2 FirstFirst 1 2
Results 11 to 15 of 15
Thanks kpzani, I downloaded NTLM tried it. I think I almost have it. I see connecting www.google.com ... sending request ... but then I get a message of "Document contains ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #11
    Just Joined!
    Join Date
    Apr 2003
    Posts
    6

    Thanks kpzani,

    I downloaded NTLM tried it. I think I almost have it. I see connecting www.google.com ... sending request ... but then I get a message of "Document contains no data". I attach my server.cfg for NTLM. Perhaps I'm missing something ...

    ************************************************** **********

    #================================================= =======================
    [GENERAL]

    LISTEN_PORT:5865

    # If you want APS to authenticate you at WWW servers using NTLM then just leave this
    # value blank like PARENT_PROXY: and APS will connect to web servers directly.
    # And NOTE that NTLM cannot pass through another proxy server.
    PARENT_PROXY:http://proxy.delagelanden.com

    PARENT_PROXY_PORT:8080

    # Set to 1 if you want to grant this authorization service to clients from other computers.
    # NOTE: all the users from other hosts that will be using you copy of APS for authentication
    # will be using your credentials in NTLM auth at the remote host.
    ALLOW_EXTERNAL_CLIENTS:0

    # If you want to allow some other but not all computers to use your proxy for authorization,
    # just set ALLOW_EXTERNAL_CLIENTS:0 and put friendly IP addresses here.
    # Use space as a delimiter.
    # NOTE that special addesses don't work here (192.168.3.0 for example).
    FRIENDLY_IPS:

    # Requested URLs are written to "url.log" file. May be useful.
    URL_LOG:0

    #================================================= =======================
    [CLIENT_HEADER]

    # This section describes what and how the server should change in the clients headers.
    # Made in order to prevent parent proxy from seeing that you are using wget instead of IE5.5

    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 9

    # for windows 2000 emulation
    # User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT5)

    # You can uncomment these chages in client's header to mimic IE5+ better, but in this case
    # you may expirience problems with *.html if your client does not really handle compression.
    #Accept-Encoding: gzip, deflate

    #================================================= =======================
    [NTLM_AUTH]

    # Optional value, if leaved blank then APS will use gethostname() to determine
    # host's name.
    # NOTE1: If you Linux host name differs from Windows host name then it may be that
    # MS server wont recognize you host at all and wont grant you access
    # to resources requested. Then you have to use this option and APS will use
    # this name in NTLM negotiations.
    # NOTE2: There are several reports that you can successfully use "foreign" host name
    # here. Say, if user may access a resource from 'host1' and may not from 'host2'
    # then there is a chance that APS running on 'host2' with NT_HOSTNAME:host1 will
    # be able to be granted access to the restricted resource. However use this on
    # you own risk as such a trick may be considered as a hack or something.
    NT_HOSTNAME:

    # Windows Domain.
    # NOTE: it is not full qualified internet domain, but windows network domain.
    NT_DOMAIN:EUROPE

    # What user's name to use during authorization. It may differ form real current username.
    USER:######

    # Password. Just leave it blank here and server will request it at the start time.
    PASSWORD:#######

    # These two options replace old FULL_NTLM option.
    # NTLM authentication consists virtually of two parts: LM and NT. Windows95/98 use
    # only LM part, WindowsNT/2000 can use NT and LM or just NT part.
    # Almost always using just LM part will be enough. I had several reports
    # about LM and NT requirement and no about just NT.
    # So try to setup 1, 1 only if you have enough reasons to do so and when you understand
    # what you are doing.
    # 0, 0 is an illegal combination
    # NOTE: if you change these options then you have to setup flag option accordingly.
    LM_PART:1
    NT_PART:0

    # Highly experimental option. See research.txt for details.
    # LM - 06820000
    # NT - 05820000
    # LM + NT - 07820000
    NTLM_FLAGS: 06820000

    # This option makes APS try to translate NTLM authentication to very usual "Basic"
    # scheme. Almost all http clients know it. With this option set to 1 user will be requested
    # by his browser to enter his credentials and these username and password will be used by
    # APS for NTLM authentication at MS Proxy server or Web server.
    # In such a case different users can use one runnig APS with their own credentials.
    # NOTE1: currently translation works so it allows only one try for entering
    # username/password. If you make a mistake you will have to restart you browser.
    # NOTE2: With debug:1 basic username/password will be written in log file in clear
    # text format. I could try hide it, but the basic scheme is so weak that anybody
    # who had access to APS would be able to get it.
    NTLM_TO_BASIC:0

    #================================================= =======================
    [DEBUG]

    # Set this to 1 if you want to see debug info in many log files. One per connection.
    DEBUG:0

    # Set this to 1 to get even more debug info.
    BIN_DEBUG:0

    # Set this to 1 to see some strange activity on screen. Actually you won't want it.
    SCR_DEBUG:0

    # Not actually a debug option but gives you some details on authentication process
    # into *.auth logs. Also see research.txt.
    AUTH_DEBUG:0

    txt.
    AUTH_DEBUG:0

    ************************************************** **********

    Thanks a lot

  2. #12
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    thoughts

    I've never used this before so I cant give you a simple answer.

    DEBUG:1
    BIN_DEBUG:1
    AUTH_DEBUG:1

    that looks like it will give you extra debugging info and a separate log file for each connection. as a *.auth? file detailing some authorisation info which could prove useful.

    ALSO. Edit your post and remove your username and password. You never know what use that could be to someone who is not very nice

    It sounds like your outgoing request is ok. But your returning data is not. Could you need to set some of the host options?

    Let me know what you find in the log and auth files. Dolda is pretty good at interpretting those and maybe he'll help.

    good luck
    No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

  3. #13
    Just Joined!
    Join Date
    Apr 2003
    Posts
    6
    Ok, here is the output (I filled NT_HOSTNAME with FLAMINGO) that I think is our HOST:

    ************************************************** **********

    16.05.2003 07:40:21 Version 0.9.8
    *** Got client request header.
    *** Client header:
    =====
    GET http://www.mozilla.org/start/ HTTP/1.1
    Host: www.mozilla.org
    User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021223 Phoenix/0.5
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate,compress;q=0.9
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Proxy-Connection: keep-alive

    *** Client request header does not have 'Content-Length' or 'Transfer-Encoding' parameter and it must not have any body.
    *** Replacing values in client header...Done.
    *** New client header:
    =====
    GET http://www.mozilla.org/start/ HTTP/1.1
    Host: www.mozilla.org
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 9
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate,compress;q=0.9
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Proxy-Connection: keep-alive

    *** Connecting to remote server...(http:8080)...Failed.
    *** Finishing procedure started.
    *** Closing thread...Done.


    ************************************************** **********

  4. #14
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    proxy addrees

    Notice in the final line of your log.

    *** Connecting to remote server...(http:8080)...Failed.
    Shouldn't that read something like http://your proxyserver.com:8080.

    Thats just a guess. But where in the config file were you supposed to set the address of the proxy.
    No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

  5. #15
    Just Joined!
    Join Date
    Apr 2003
    Posts
    6
    YES!!, IT WORKS!!

    INCREDIBLE, MANY THANKS TO ALL, I'M GOING TO TRY KNOPPIX TO INCLUDE THIS NTLM AUTHENTICATION SOFTWARE.

    THE ONLY THING I CHANGED IS THE SERVER (FLAMINGO) BECAUSE THE PROXY SERVER WAS IN ANOTHER SERVER, AND THE PROXY ADRESS:

    PARENT_PROXY: proxy.delagelanden.com

    NOTE THAT I REMOVED THE "HTTP://" AND NOW IT WORKS

    THANKS AGAIN

    ROLANDO

Page 2 of 2 FirstFirst 1 2

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •