Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Linux box behind an ISA server on a Windows2000 box

Status
Not open for further replies.
Krolsky

Krolsky

Programmer
Apr 16, 2002
20
0
0
DE
This is the case:
I am trying to install a Debian Linux box in a company-LAN. The LAN uses a proxyserver (MS ISA server 2000 afaik) on a win2k computer. The proxyserver has authentication by username for all I know and in Windows you can just enter the proxy server address in internetexplorer and you are set.

However if I enter the ipaddress for the proxyserver in the config of the linux box then I still cant open a website. This is the error I get:

HTTP 407 Proxy Authentication Required - ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. (12209)
Internet Security and Acceleration Server.


The Microsoft support site gives a solution for ISA server running on a Windows 2003 server box but since we run windows 2000 that does not apply (or does it?).


The question now is if I forgot anything. Is there a way to bypass this type of connections? I don't want to (cant either) alter the current settings in the ISA server but I can add anything that might be specific to IP-address or something alike.

Thanks in advance!
 
Sort by date Sort by votes
krolsky,

I'm having this same when i try to browse from a remote site in my network. I'm about to confirm if this is same for sco Unix.

somebody should please help
 
Upvote 0 Downvote
The problem with win/linux communication is Windows wants and NTLM security token to allow access through the ISA server, that is if it is setup that way. From the message that you describe, the ISA server requires authentication. The only way I know of to try to fix this is to allow all traffic without authentication. You can narrow this down by setting up a client set with the ip address/range that you linux box is using. Then that should work. I have a redhat 8 and a redhat 9 box running this way. I also have severl Mac clients running this way as well.

Joe
 
Upvote 0 Downvote
Well supposedly we have a filter here that allows any traffic from that linux (debian) box to the internet. Ping does work but it seems that that's the only thing that works.

It is kind of sad since now I have to manually download and install all packages I need plus all dependencies...

I will have to look further into the setup of specific client sets. Any info on that would be appreciated too.

Regards,
Krolsky
 
Upvote 0 Downvote
When you say that Ping is the only thing that works, I am assuming that HTTP or FTP access does not work. If that is the case, it may be a problem with a protocol rule. You may want to check there.

Joe
 
Upvote 0 Downvote
Have you tried using basic auth? Instead of NTLM which Unix based can't do? What you are trying to setup is called SecureNat clients. is an awesome site with tons of information on ISA. Hope this helps.
 
Upvote 0 Downvote
The problem basically is the ISA server itself. I can't change anything in there without touching company policies and since I am not allowed to do that, things seem to break up :(

I already found a way to do with my linux box (debian) what I needed to do but of course it's not the best solution ;)

Thanks everyone for helping me out and I am still going to keep trying and check out that for sure!


Thanks again,
Krolsky.
 
Upvote 0 Downvote
I had a similair problem only a different error : 403 forbidden, ISA denies specified URL.

It works for me now after doing the following :

Linux machine :
In the browser : direct connection, no proxy

RedHat Network Proxy :
manual proxy for http(s) and ftp using IP address and port number from ISA server. No authentication.


ISA machine :
I already created a protcol rule to allow http(s) access for a specified client address set.
This client address set consist of several IP address for some dedicated internet pc's. I added the IP address for the linux machine and I now have internet access.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
140
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
AnyConnect + Azure + SAML
Replies
0
Views
98
Sparrow4
Sparrow4
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
116
nnaarrnn
nnaarrnn
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
60
Russtoleum
Russtoleum
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
55
PauS0n
PauS0n

Part and Inventory Search

Sponsor

Back
Top