April 04, 2013

Company proxy configuration

If you're running your Linux box @work, you most likely have the issue of using the company proxy server. I know I do :'O With the current Ubuntu / Linux Mint there are still a couple of places you'll need to configure before you have your proxy settings up and running.

The worst part is when you have to update your Windows password, because you'll have to update all the configuration files on your box to be able to connect to the proxy with your new password. And a password change happens quite often these days. Here's a small note on the strategy: proxy, to get your theory on the same page.

I installed cntlm, a small local proxy tool that can handle the proxy connection stuff for your Windows servers. cntlm worked better for me, that's the only reason for not running ntml!

# sudo aptitude install cntlm

Then you'll have to configure the bugger. cntlm has a great guide for this, so follow that one. After that you'll have to set up your browser and command line utilities, and most likely your apt conf as well.

A system update can be run through pkexec or gksudo, which is what happens when you update using the GUI tools, so you'll have to set up the proxy server for the apt tool itself. This is because, at the time of writing, pkexec and gksudo do not carry over the command line proxy settings, which causes an update through either of these tools to fail.

First, you'll have to add a file to your apt.conf.d with the proxy. I just created a file called 98proxy in the /etc/apt/apt.conf.d/ directory, containing the cntlm proxy settings.


# echo 'Acquire::http::Proxy "http://localhost:3128";' | sudo tee /etc/apt/apt.conf.d/98proxy > /dev/null



Or edit the file using your favorite editor.


Second, you'll have to set up your command line proxy, either locally via ~/.bashrc or, as I did, for the whole machine with a proxy.sh script in the /etc/profile.d/ dir. You can copy the following to either your ~/.bashrc file or a new proxy script file, i.e.

# sudo touch /etc/profile.d/proxy.sh
# sudo nano /etc/profile.d/proxy.sh

Then copy and paste this:

#!/bin/bash
# cntlm is a plain HTTP proxy, so every variable points at it with http://
export http_proxy="http://localhost:3128"
export https_proxy="http://localhost:3128"
export ftp_proxy="http://localhost:3128"
export no_proxy="localhost,<your domain>"



You'll also have to edit the sudoers file to get your environment kept, if you ever need to run stuff as root! Use visudo for this, as it checks the syntax before saving:

# sudo visudo

Paste the following to keep your settings (DISPLAY is not for the proxy, but you might like to have root windows displayed on your GUI as well):

Defaults     env_keep += "DISPLAY"
Defaults     env_keep += "proxy"
Defaults     env_keep += "http_proxy"
Defaults     env_keep += "https_proxy"
Defaults     env_keep += "ftp_proxy"
Defaults     env_keep += "no_proxy"



Third, you'll need to use the proxy in all your browsers, Spotify etc. Remember to set the no_proxy stuff as well, as you may otherwise have internal domain lookup issues. Change Firefox's settings via the GUI, Edit | Preferences.


I rolled a small company-proxy-settings package containing the changes I mention here; just use it, on your own account. The package has an additional script that you may want. It is called cntlm_config, and you can run it every time you have to change your company password!

Script listing:

# sudo touch /usr/bin/cntlm_config
# sudo nano /usr/bin/cntlm_config 

Paste the contents:

#!/bin/bash

config=/etc/cntlm.conf

domain="<your domain>"
proxy="<your proxy>"

sudo service cntlm stop

echo -n "Enter your username for windows: "
read -r user

# Read the password one character at a time, echoing '*' for each one.
unset pass
prompt="Enter password for windows: "
while IFS= read -p "$prompt" -r -s -n 1 char
do
    if [[ $char == $'\0' ]]
    then
        break
    fi
    prompt='*'
    pass+="$char"
done
echo ""

# Restrict the file before the password is written into it.
sudo chmod 0600 "$config"

# The values reach perl on stdin, not in its arguments: they stay out of the
# process list, and special characters in them are not parsed as perl code.
printf '%s\n' "$user" "$pass" "$domain" "$proxy" |
sudo perl -p -i -e 'BEGIN { chomp(($u, $p, $d, $x) = <STDIN>) }
    s|(Username\t).*$|$1$u|g;
    s|(Password\t).*$|$1$p|g;
    s|(Domain\t).*$|$1\t$d|g;
    s/10[.]0[.]0[.]41:8080/$x/g;
    s/Proxy.*10[.]0[.]0[.]42:8080//g;' "$config"

sudo service cntlm start


Replace the <your domain> and <your proxy> placeholders in the script with your company settings and you should be good to go. Modify and use at your own risk!
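
The script above leaves the plaintext Windows password in /etc/cntlm.conf. As an added example (not part of the original post or its package), this variant stores the hashes printed by `cntlm -H` instead. The function names and the `--apply` switch are made up here, and it assumes `cntlm -H -u USER -d DOMAIN` reads the password from the terminal and prints `PassLM`, `PassNT` and `PassNTLMv2` lines.

```shell
#!/bin/bash
# Added example: keep NTLM hashes in cntlm.conf instead of the plaintext password.

# Filter `cntlm -H` output (stdin) down to the three hash lines, dropping
# the password prompt and the trailing "# Only for user ..." comment.
extract_hashes() {
    awk '{ sub(/^Password: */, "") }
         $1 ~ /^Pass(LM|NT|NTLMv2)$/ { printf "%s\t%s\n", $1, $2 }'
}

# rewrite_config CONFIG USER DOMAIN HASHFILE
# Sets Username/Domain, drops every active Password/Pass* line and appends
# the hashes. The new file is built with mode 0600 and swapped in with mv,
# so the secret is never world-readable, not even briefly.
rewrite_config() {
    tmp=$(mktemp "$1.XXXXXX") || return 1    # mktemp creates mode 0600
    if CN_USER="$2" CN_DOMAIN="$3" awk '
            $1 == "Username" { print "Username\t" ENVIRON["CN_USER"]; next }
            $1 == "Domain"   { print "Domain\t\t" ENVIRON["CN_DOMAIN"]; next }
            $1 ~ /^(Password|PassLM|PassNT|PassNTLMv2)$/ { next }
            { print }' "$1" > "$tmp" && cat "$4" >> "$tmp"
    then mv "$tmp" "$1"
    else rm -f "$tmp"; return 1
    fi
}

# update_cntlm_hashes CONFIG USER DOMAIN   (run as root, with cntlm stopped)
# Assumption: cntlm -H reads the password from the terminal with echo off,
# so it never reaches argv or a shell variable.
update_cntlm_hashes() {
    hashes=$(mktemp) || return 1
    printf 'Windows password for %s: ' "$2" >&2
    cntlm -H -u "$2" -d "$3" | extract_hashes > "$hashes"
    if [ "$(grep -c . "$hashes")" -eq 3 ]; then
        rewrite_config "$1" "$2" "$3" "$hashes"; rc=$?
    else
        echo "no hashes produced, config left untouched" >&2; rc=1
    fi
    rm -f "$hashes"; return "$rc"
}

if [ "${1:-}" = "--apply" ]; then update_cntlm_hashes "$2" "$3" "$4"; fi
```

NTLM hashes can still be used to authenticate as you, so the config file has to stay at mode 0600 either way.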
