0

Apologies if this is a basic question, I've recently taken ownership of our department's internal server so I'm having to deal with issues beyond my (very basic) knowledge.

Context

Our server is on a corporate network which requires corporate proxy authentication (e.g. enter corporate username and password). This is not an issue on the Windows machines on that network - when a web browser is opened the user is prompted to authenticate. However, when using a browser on Linux the user is not prompted to authenticate, the browser simply shows a message saying authentication is required.

Problem 1 - Internet Access would be useful

At the moment I have to walk to my desk on another floor if I need to look something up, because I cannot get Internet access from this machine since I cannot* (*do not know how to) authenticate. It would be useful to have the ability to authenticate so I can use a web browser.

Problem 2 - Packages cannot be updated

When I attempt to perform updates using sudo apt-get update or sudo apt-get install [package], there are errors which I believe are caused due to lack of authentication.

After performing sudo apt-get update, I get errors like W: Failed to fetch [link] 401 Authorization Required. (For some reason some http://us.archive.ubuntu.com trusty/ sources work correctly, and some throw the same error).

This is a major problem, as I need to be able to update packages on the server.

Steps Taken

  • I have installed cntlm via sudo apt-get install cntlm (it works from one of the few ubuntu repositories that randomly work).
  • I edited the configuration at /etc/cntlm.conf and added my username, the domain, and the proxy.
  • I started the service (sudo /etc/init.d/cntlm start)
  • I tested the service (sudo cntlm -I -M http://www.google.com/) and the response was Config Profile 1/4... Auth not required (HTTP code: 307) Your proxy is open, you don't need another proxy.
  • I tried performing sudo apt-get update again and still receive the same error message. (401 Authorization Required)
  • (Whoops! My mistake! I see I need to configure apt proxy settings manually...)
  • I added the line Acquire::http::Proxy "http://localhost:3128"; to /etc/apt/apt.conf.
  • I restarted cntlm. (sudo /etc/init.d/cntlm stop, sudo /etc/init.d/cntlm start)
  • I performed sudo apt-get update ... and it hit 0% [Waiting for headers] [Waiting for headers] [Waiting for headers] [Waiting f - and just stopped there.
  • I performed sudo apt-get clean before performing sudo apt-get update - this started working and then stopped at 19% [Waiting for headers]
  • I performed sudo apt-get clean again before performing sudo apt-get update - this started working and then stopped at 0% [Waiting for headers]
  • I tried this a third time (sudo apt-get clean, sudo apt-get update) and it stopped at 20% [Waiting for headers]
  • I researched this subsequent problem and found an answer on AskUbuntu suggesting this may be an issue with IPv6 causing ICS to halt for a while when it receives concurrent connections.
  • I checked the /etc/sysctl.conf file and discovered the IPv6 already appears to be disabled... (The lines net.ipv6.conf.all.disable_ipv6 = 1, net.ipv6.conf.default.disable_ipv6 = 1, and net.ipv6.conf.lo.disable_ipv6 = 1 are already in the config file.)
  • (I'm now drawing a bit of a blank! The symptoms match the hypothesized IPv6 issue however if it is already disabled that doesn't seem to be able to be the cause)
  • I performed sudo apt-get clean and sudo apt-get update a fourth time (What the hell - why not?) and it hung on 24% [Waiting for Headers] this time, but first it hit a bunch of repositories. A repository which used to trigger errors did not do so now (http://cran.rstudio.com trusty /) but one which used to trigger errors now triggered a different error, Received HTTP code 501 from proxy after CONNECT.
Community
  • 1
Eilidh
  • 101
  • 1
  • 1
  • Welcome. For the problem 1 have you tried to do ssh -X yourUsername@yourip from the other floor? Try in advance from your own computer to do pgrep -l sshd to see if the daemon sshd is running. If you are able to connect with your computer after you can make run your browser too from shll e.g. firefox -no-remote. – Hastur Jul 10 '14 at 12:16
  • Hi, thank you! Forgive me but as I say I'm very new so I don't really understand what any of those commands do or what you are asking me to check. I will give them a try but it's going over my head a little I'm afraid! I do most of my work on the Linux server downstairs by using putty from my Windows 7 PC and doing everything via command line. – Eilidh Jul 10 '14 at 12:30
  • I used another Linux server (on the same network as my Windows 7 PC upstairs) to perform the first command (ssh -X myUsername@myIp) which worked correctly. – Eilidh Jul 10 '14 at 12:39
  • If I perform the pgrep -l sshd by ssh-ing in (Putty > Upstairs Server > Downstairs Server) it shows three sshd numbers, and if I try going in to the Downstairs Server directly (Putty > Downstairs Server) it shows five sshd numbers. I'm not sure what the daemon sshd is or how to check if it is running? – Eilidh Jul 10 '14 at 12:40

1 Answers1

0

You must tell apt-get to use your proxy. In a shell, type:

export _http_proxy=htp://user:password@proxyserver:port apt-get update

If this works, you can make the change persistent:

vi /etc/apt/apt.conf.d/proxy

and then

Acquire::http::Proxy "htp://user:password@proxyserver:port";

alci
  • 5,839
  • Notice the missing t in http addresses, as I was not allowed to add "links"... – alci Jul 10 '14 at 12:23
  • Forgive me if I'm mistaken, but I think I have completed this step? I added my proxy to apt.conf - Acquire::http::Proxy "htp://localhost:3128"; which should direct it through cntlm according to instructions. – Eilidh Jul 10 '14 at 12:28