Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Gentoo über Proxy-Server [es geht weiter]
View unanswered posts
View posts from last 24 hours
View posts from last 7 days

Goto page Previous  1, 2, 3  Next  
Reply to topic    Gentoo Forums Forum Index Deutsches Forum (German)
View previous topic :: View next topic  
Author Message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Tue Jan 11, 2011 11:14 am    Post subject: Reply with quote

Hab die config gefunden und angepasst.

Ich hab aber jetzt folgendes Problem, oder ist das keins?
Code:
 /etc/init.d/ntlmaps start
 * Caching service dependencies ...
 *  Cannot add provide 'net', as a service with the same name exists!                                                                                              [ ok ]
 * Service ntlmaps starting
 * WARNING:  ntlmaps is scheduled to start when net.eth0 has started.

LG Roland

Aja, gehört das in boot oder in default?
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Beforegod
Bodhisattva
Bodhisattva


Joined: 10 Apr 2002
Posts: 1493
Location: Frankfurt/Main

PostPosted: Tue Jan 11, 2011 11:17 am    Post subject: Reply with quote

Fehlermeldung ist doch eindeutig :)

Der Dienst wartet bis net.eth0 gestartet ist.

Nimm mal aus der /etc/init.d/ntlmaps die Abhängigkeit von net.eth0 raus, dann sollte es auch so starten.
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Tue Jan 11, 2011 11:26 am    Post subject: Reply with quote

hmmm,

so schaut jetzt meine /etc/init.d/ntlmaps aus:
Code:
#!/sbin/runscript
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-proxy/ntlmaps/files/ntlmaps.init,v 1.3 2005/10/06 21:39:47 mrness Exp $

PID_FILE="/var/run/ntlmaps.pid"

start() {
        ebegin "Starting ntlmaps"
        touch ${PID_FILE}
        chown ntlmaps:ntlmaps ${PID_FILE}
        cd /var/log/ntlmaps && \
                start-stop-daemon --quiet --start --background --exec /usr/bin/python \
                        --make-pidfile --pidfile ${PID_FILE} --chuid ntlmaps -- /usr/bin/ntlmaps < /dev/null && \
                sleep 1
        eend $?
}
stop() {
        ebegin "Stopping ntlmaps"
        start-stop-daemon --stop --quiet --pidfile ${PID_FILE} && \
                rm -f ${PID_FILE}
        eend $?
}

ich bekomm aber immer noch:
Code:
/etc/init.d/ntlmaps start
 * Caching service dependencies ...
 *  Cannot add provide 'net', as a service with the same name exists!                                                                                              [ ok ]
 * Service ntlmaps starting                                                                                                                                        [ !! ]
 * ERROR:  ntlmaps failed to start

_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Beforegod
Bodhisattva
Bodhisattva


Joined: 10 Apr 2002
Posts: 1493
Location: Frankfurt/Main

PostPosted: Wed Jan 12, 2011 9:34 am    Post subject: Reply with quote

ok, am besten Änderung rückgängig machen und mal die ntlmaps.conf posten. evt. steht da eine Abhängigkeit drinnen.
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Wed Jan 12, 2011 10:30 am    Post subject: Reply with quote

Code:
#========================================================================
[GENERAL]

LISTEN_PORT:5865

# If you want APS to authenticate you at WWW servers using NTLM then just leave this
# value blank like PARENT_PROXY: and APS will connect to web servers directly.
# You can specify more than one proxy by leaving a space between each one, and
# APS will detect when one fails and automatically fail-over to the next. EG:
#PARENT_PROXY:first_proxy second_proxy third_proxy
# And NOTE that NTLM cannot pass through another proxy server.
PARENT_PROXY:your_parentproxy

PARENT_PROXY_PORT:8000 8080

# APS will poll the upstream proxy and attempt to fail-over to a new one if it doesn't
# get a response within an appropriate time frame.  The amount of time that it will
# wait for a response before attempting fail-over is specified, in seconds, below:
PARENT_PROXY_TIMEOUT:15

# Set to 1 if you want to grant this authorization service to clients from other computers.
# NOTE: all the users from other hosts that will be using you copy of APS for authentication
# will be using your credentials in NTLM auth at the remote host.
ALLOW_EXTERNAL_CLIENTS:0

# If you want to allow some other but not all computers to use your proxy for authorization,
# just set ALLOW_EXTERNAL_CLIENTS:0 and put friendly IP addresses here.
# Use space as a delimiter.
# NOTE that special addesses don't work here (192.168.3.0 for example).
FRIENDLY_IPS:

# Requested URLs are written to "url.log" file. May be useful.
#URL_LOG:0
URL_LOG:1

# When a network service listens for connections, there is a maximum number of connection
# attempts to that service that the underlying OS will allow to backlog waiting for a response
# before the OS will start dropping new connection attempts with 'Connection refused'.  The
# standard method of determining the maximum number of backlogged connections is to use the
# SOMAXCONN constant, which is supposed to represent the maximum number that an OS will support
# (for example, 5 on Windows 2000 Pro, and 200 on Windows 2000 server).  However, because this
# is a statically compiled value in a Python distribution, usually this instead represents the
# the most conservative value (5 on all Windows platforms, and 128 on the GNU/Linux variant I
# tried).  So if you are running (for example) a massively threaded/parallel download manager,
# the default value of, say, 5, or whatever SOMAXCONN happens to be set to, may be too low and
# cause some connections to fail.  The value below can be set to any integer (it seems that
# Python just silently caps values above the hard limit for the underlying platform), or it can
# be set to the special value of SOMAXCONN (i.e. MAX_CONNECTION_BACKLOG:SOMAXCONN), to use
# whatever this value happens to be set to in your Python build.  Setting this higher than
# necessary may cause APS to consume more memory than you needed to.
MAX_CONNECTION_BACKLOG:5

#========================================================================
[CLIENT_HEADER]

# This section describes what and how the server should change in the clients headers.
# Made in order to prevent parent proxy from seeing that you are using wget instead of IE5.5

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

# for windows 2000 emulation ;)
# User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT5)

# You can uncomment these chages in client's header to mimic IE5+ better, but in this case
# you may expirience problems with *.html if your client does not really handle compression.
#Accept-Encoding: gzip, deflate

#========================================================================
[NTLM_AUTH]

# Optional value, if leaved blank then APS will use gethostname() to determine
# host's name.
# NOTE1: If you Linux host name differs from Windows host name then it may be that
#        MS server wont recognize you host at all and wont grant you access
#        to resources requested. Then you have to use this option and APS will use
#        this name in NTLM negotiations.
# NOTE2: There are several reports that you can successfully use "foreign" host name
#        here. Say, if user may access a resource from 'host1' and may not from 'host2'
#        then there is a chance that APS running on 'host2' with NT_HOSTNAME:host1 will
#        be able to be granted access to the restricted resource. However use this on
#        you own risk as such a trick may be considered as a hack or something.
NT_HOSTNAME:<hostname>
#NT_HOSTNAME:<hostname>

# Windows Domain.
# NOTE: it is not full qualified internet domain, but windows network domain.
NT_DOMAIN:<domain>

# What user's name to use during authorization. It may differ form real current username.
# If you enable NTLM_TO_BASIC, below, you can either leave this blank or simply
# hash it out.
USER:<user>

# Password. Just leave it blank here and server will request it at the start time,
# or, if you enable NTLM_TO_BASIC, below, you can either leave this blank or simply
# hash it out, and you *won't* be prompted for a password at start time.
PASSWORD:<password>

# These two options replace old FULL_NTLM option.
# NTLM authentication consists virtually of two parts: LM and NT. Windows95/98 use
# only LM part, WindowsNT/2000 can use NT and LM or just NT part.
# Almost always using just LM part will be enough. I had several reports
# about LM and NT requirement and no about just NT.
# So try to setup 1, 1 only if you have enough reasons to do so and when you understand
# what you are doing.
# 0, 0 is an illegal combination
# NOTE: if you change these options then you have to setup flag option accordingly.
LM_PART:1
NT_PART:0

# Highly experimental option. See research.txt for details.
# LM - 06820000
# NT - 05820000
# LM + NT - 07820000
NTLM_FLAGS: 06820000

# This option makes APS try to translate NTLM authentication to very usual "Basic"
# scheme. Almost all http clients know it. With this option set to 1 user will be requested
# by his browser to enter his credentials and these username and password will be used by
# APS for NTLM authentication at MS Proxy server or Web server.
# In such a case different users can use one runnig APS with their own credentials.
# NOTE1: currently translation works so it allows only one try for entering
#        username/password. If you make a mistake you will have to restart you browser.
# NOTE2: With debug:1 basic username/password will be written in log file in clear
#        text format. I could try hide it, but the basic scheme is so weak that anybody
#        who had access to APS would be able to get it.
NTLM_TO_BASIC:0

#========================================================================
[DEBUG]

# Set this to 1 if you want to see debug info in many log files. One per connection.
DEBUG:0

# Set this to 1 to get even more debug info.
BIN_DEBUG:0

# Set this to 1 to see some strange activity on screen. Actually you won't want it.
SCR_DEBUG:0

# Not actually a debug option but gives you some details on authentication process
# into *.auth logs. Also see research.txt.
AUTH_DEBUG:0

Ich hab keine Abhängigkeiten gefunden
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Beforegod
Bodhisattva
Bodhisattva


Joined: 10 Apr 2002
Posts: 1493
Location: Frankfurt/Main

PostPosted: Wed Jan 12, 2011 10:41 am    Post subject: Reply with quote

Ok, dann muss ich passen.

Aber Du kannst prüfen ob ntlmaps trotzdem im Hintergrund läuft. Der Zugriff kann ja trotzdem erfolgen. (über http_proxy=localhost:8000)
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Wed Jan 12, 2011 5:41 pm    Post subject: Reply with quote

Hallo,

ich wollte schon fast den Thread als gelöst kennzeichnen, weil ntlmaps ohne Probleme gestartet ist. Aber jetzt hab ich ihn neugestartet, und es kommt eine
Fehlermeldung. (ich hab ntlmaps in default, ist das der Fehler?)

Ich hab in der /etc/init.d/ntlmaps einfach "need net.lo" reingeschrieben, und er hat mit einem /etc/init.d/ntlmaps restart auch angezeigt, das er auf
localhost:5686 (glaub so wars) läuft.

Aber jetzt nach einem Neustart kommt ein Error.

Ich hatte auch den Fehler, das netmount immer darauf bestanden hat ein net.eth0 gestartet zu haben. Auch dort hab ich das durch net.lo ersetzt.

Stimmt das so? Oder kann das dann nicht funktionieren? Ich kenn mich soo tief in Gentoo noch nicht wirklich aus, aber ich weiß dass net.eth0 und net.wlan auf
net.lo linken.

LG Roland
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Beforegod
Bodhisattva
Bodhisattva


Joined: 10 Apr 2002
Posts: 1493
Location: Frankfurt/Main

PostPosted: Wed Jan 12, 2011 6:37 pm    Post subject: Reply with quote

Auch wenn der Link auf net.lo geht, innerhalb des skriptes wird geprüft was nach dem . steht. Also eth0, wlan oder sonstwas.
Daher wieder alles auf eth0 ändern und mit der Warnung leben (sofern es funktioniert).
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Thu Jan 13, 2011 7:01 am    Post subject: Reply with quote

Hallo,

in der ntlmaps war nur 'need net' ohne was dran.

Aber jetzt hab ich das wieder auf 'need net' gesetzt und beim Starten kommt das:
Code:
 * Caching service dependencies ...
 *  Cannot add provide 'net', as a service with the name exists!   [ ok ]
 * Service ntlmaps starting
 * WARNING:  ntlmaps is scheduled to start when net.eth0 has started

Wenn ich auf 'need net.wlan0' ändere kommt das:
Code:
 * Caching service dependencies ...
 *  Cannot add provide 'net', as a service with the same name exists!   [ ok ]
 * Service ntlmaps starting
 * Service net.wlan0 starting
 * WARNING:  net.wlan0 has started but is inactive
 * WARNING:  ntlmaps is scheduled to start when net.wlan0 has started.

Ich blick da nicht mehr durch. Das inactive ist wegen ifplugd oder? Meines Wissens geht das aber nur auf eth0

LG Roland
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Beforegod
Bodhisattva
Bodhisattva


Joined: 10 Apr 2002
Posts: 1493
Location: Frankfurt/Main

PostPosted: Thu Jan 13, 2011 8:27 am    Post subject: Reply with quote

Mit dem inactive passt ja soweit. Du hast ja gesagt, das Du das WLAN über den Networkmanager aktivierst.

Also aktivier WLAN und versuch ob Du mittels gesetzter Proxy Variable (export http_proxy=localhost:PORTVONNTLMAPS) ins Internet kommst.
Und keinen Ping, sondern eine Webseite testen.
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Thu Jan 13, 2011 10:10 am    Post subject: Reply with quote

Habs probiert, es geht nicht.
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Beforegod
Bodhisattva
Bodhisattva


Joined: 10 Apr 2002
Posts: 1493
Location: Frankfurt/Main

PostPosted: Thu Jan 13, 2011 3:47 pm    Post subject: Reply with quote

Bau hier mal Dein NetworkManager + ntlmaps Script ein

http://en.gentoo-wiki.com/wiki/NetworkManager#.28Optional.29_Dependencies_of_Baselayouts_Networking_Script
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Thu Jan 13, 2011 5:26 pm    Post subject: Reply with quote

Hallo,

ich hab kein +ntlmaps flag bei networkmanager oder nm-applet.

ich hab jetzt anhand der anleitung folgende datei gebastelt:
/etc/NetworkManager/dispatcher.d/50-ntlmaps-client wrote:
#!/bin/bash
/etc/init.d/ntlmaps status | grep -q "started"
started=$?

if [[ "$2" == "up" ]] ; then
if [[ "$started" != "0" ]] ; then
rc-config start ntlmaps
fi
else
rc-config stop ntlmaps
fi

War das gemeint?

Dann hab ich ntlmaps aus rc-update rausgenommen und neugestartet: und dann hab ich das:

ein /etc/init.d/ntlmaps zap gibt folgendes aus:
* Manually resetting ntlmaps to stopped state.

und ein nc localhost:5865 gibt folgendes aus:
localhost:5865: forward host lookup failed:

Mit links testen kann ichs erst morgen in der Schule

LG Roland
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Fri Jan 14, 2011 7:21 am    Post subject: Reply with quote

Ich pausier das mal offiziell

Wenn ic hwieder Zeit hab, schick ich dir ne pm

und wenn lösungen da sind poste ich sie.

LG Roland
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Robmaster
Tux's lil' helper
Tux's lil' helper


Joined: 09 Dec 2005
Posts: 110
Location: Berlin

PostPosted: Mon Jan 17, 2011 12:41 pm    Post subject: Reply with quote

Hallo was du möchest ist kein problem.

1 Transparenten Proxy aufsetzen.
2 Proxy Addresse als default gw über deinen dhcp-server verteilen.
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Mon Jan 17, 2011 5:25 pm    Post subject: Reply with quote

Hallo,

wir haben in der Schule einen Proxy, auf den ich keinen Zugriff habe, und in Windows wird unter Internetoptionen der proxy für http/https eingestellt. Dann kann man surfen, ohne beim firefox den proxy extra einzustellen.
Auf der CMD geht ein ping nach draußen.

Ich hätte gerne unter Linux dasselbe: Opera ohne manuelles Proxy-Setzen im Browser, ping aus der Konsole, links oder sowas.

LG Roland
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Robmaster
Tux's lil' helper
Tux's lil' helper


Joined: 09 Dec 2005
Posts: 110
Location: Berlin

PostPosted: Wed Jan 19, 2011 10:28 am    Post subject: Reply with quote

Du kannst bei jedem Linux auch einen default Proxy setzen. Dann musst du nicht manuel den Proxy in Opera konfigurieren.



Gruß
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Wed Jan 19, 2011 3:04 pm    Post subject: Reply with quote

Davon war doch den ganzen Thread lang die rede :roll:

Edit:

Wie würdest du das machen?

Wir haben in der Schule so einen Microsoft ISA oder so Server und ich brauch http, und https nach draußen.

LG Roland
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Robmaster
Tux's lil' helper
Tux's lil' helper


Joined: 09 Dec 2005
Posts: 110
Location: Berlin

PostPosted: Wed Jan 19, 2011 7:40 pm    Post subject: Reply with quote

Ich würde die Proxyvariable in /etc/conf.d/locale.start hinterlegen.


export http_proxy="192.168.1.100:8080"
export ftp_proxy="192.168.1.100:8080" 8080 müsste der default port vom isa server sein.


Wenn eure Admins Ahnung haben, ist der ISA Server so konfiguriert, das nur mitglieder der Domäne berechtigt sind den Proxy zu nutzen.
Du könntest zwar auch mit Linux der Domäne beitreten, breuchtest jedoch das Domänen Administrator Kennwort. Abgesehen davon ist das ganze nicht trivial.
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Wed Jan 19, 2011 8:52 pm    Post subject: Reply with quote

Ich hab das in der /etc/profile.d/proxy.sh eingetragen,

ich habs auch mit http://username:password@proxy:port
versucht aber es ging nicht.

Wir haben in der domäne auch active directory. hat das damit was zutun?
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Robmaster
Tux's lil' helper
Tux's lil' helper


Joined: 09 Dec 2005
Posts: 110
Location: Berlin

PostPosted: Thu Jan 20, 2011 8:53 am    Post subject: Reply with quote

Du musst mitglied der AD werden, sonst hast du keine chanche auf das netz zuzugreifen.
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Thu Jan 20, 2011 7:37 pm    Post subject: Reply with quote

wie werd ich das?
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Beforegod
Bodhisattva
Bodhisattva


Joined: 10 Apr 2002
Posts: 1493
Location: Frankfurt/Main

PostPosted: Tue Jan 25, 2011 7:31 am    Post subject: Reply with quote

Was Robmaster meint ist der andere Weg.

Hierzu kannst Du folgendes machen:

- IP im ISA Proxy freischalten (damit gehst Du ohne Auth raus)
oder
- COmputerkonto im Proxy freischalten (dazu musst Du mittels Samba Mitglied der Domäne werden)

--

Bleib doch bei ntlmaps. Dort war doch Anfangs nur das Problem, das der Dienst nicht richtig startet?
Evt. kannst Du mal in der rc.conf nachschauen ob dort etwas mit RC_STRICT_NET steht? Setz das mal auf lo und probiere es erneut.

Ansonsten starte den Dienst mal per Hand (ntlmaps -c /etc/ntlmaps/config oder so ähnlich) und probier dann ob alles klappt.
Back to top
View user's profile Send private message
72_6f_6c_61_6e_64
Guru
Guru


Joined: 16 Nov 2009
Posts: 438
Location: 39° 6′ 18″ N, 76° 44′ 29″ W

PostPosted: Tue Jan 25, 2011 10:44 am    Post subject: Reply with quote

Aha,

in der /etc/rc.conf hab ich nix davon drinnen.
in der /etc/config/rc hab ich folgendes:
Code:
RC_NET_STRICT_CHECKING="no"

Ich hab newsbeuter installiert, und der schafft das über den proxy mit proxy-ip, proxy-port, benutzername und passwort.

LG Roland
_________________
Man gewöhnt sich an allem, sogar am Dativ.
Back to top
View user's profile Send private message
Beforegod
Bodhisattva
Bodhisattva


Joined: 10 Apr 2002
Posts: 1493
Location: Frankfurt/Main

PostPosted: Tue Jan 25, 2011 12:56 pm    Post subject: Reply with quote

Über den ISA Proxy oder über ntlmaps ?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Deutsches Forum (German) All times are GMT
Goto page Previous  1, 2, 3  Next
Page 2 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum