Monday, November 8, 2010

yum updates through Microsoft ISA proxy which needs NTLM authentication /NTLM Authorization Proxy Server HTTP Error 407: Proxy Authentication Required

If you have a Centos VM or any other VM that need access internet to update or download some bits. And the Host machine is behind the ISA proxy which is NTLM authentication enabled.  Here is the basic Idea to make the guest OS can access the internet without having the Authentication problem.

for some security reason, IT admin might disabled the Basic authentication for ISA access. If you use YUM and have to pass the proxy. Yum only support Basic authentication. so there is the problem. if you put one ISA proxy into /etc/yum.conf like proxy=http://youproxyserver:port and run yum update, you will get 407 error which means authentication failed. even you put the username password into the config. (why? proxy server only accept ntlm authentication)

login as: root
root@192.168.209.128's password:
Last login: Fri Nov  5 02:25:34 2010
[root@linuxserver ~]# vi /etc/yum.conf
[root@linuxserver ~]# cls
[root@linuxserver ~]# yum update kernel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos-distro.cavecreek.net
* updates: centos.eecs.wsu.edu
* addons: mirror.nyi.net
* extras: centos.promopeddler.com
http://centos-distro.cavecreek.net/centos/5.5/os/i386/repodata/repomd.xml: [Errno 14] HTTP Error 407: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )


answer, install one NTLM Authorization Proxy Server on Host or guest OS. (the  APS is python based, run anywhere that has python.) 'NTLM Authorization Proxy Server' (APS) is a proxy software that allows you to authenticate via an MS Proxy Server using the proprietary NTLM protocol. then change the yum.config to use the new proxy server which is anonymous.

more steps,
Download and Install Python
Download and install NTLM Authorization Proxy Server

Change the server.cfg,  here is the key change

PARENT_PROXY:ISA01
PARENT_PROXY_PORT:8080
Accept:text/html, application/xhtml+xml, */*

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MS-RTC LM 8)
NT_DOMAIN:test.com
USER:useraccount
PASSWORD:password

LM_PART:1
NT_PART:1


NTLM_FLAGS: 07820000

Then startup the proxy utility ntlmaps-0.9.9.0.1\runserver.bat

Now change the yum.conf to the new proxy ISA01, Yum works now.

for Other http client like Wget, you need Export http_proxy=http://yourproxy:port

 

reference,
http://www.centos.org/docs/5/html/yum/sn-yum-proxy-server.html

1 comment:

 
Locations of visitors to this page