Problems getting Mint 19 LXDE to work with an NLTLM proxy.

Questions about Wi-Fi and other network devices, file sharing, firewalls, connection sharing etc
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
NormanDunbar
Level 1
Level 1
Posts: 30
Joined: Thu Oct 25, 2012 11:46 am

Problems getting Mint 19 LXDE to work with an NLTLM proxy.

Post by NormanDunbar »

I have Mint 19 installed in a VirtualBox VM, the network on the VM is bridged, so it runs over my host's network setup. The host is Windows 7. I'm behind a corporate firewall however, I have the proxy details supplied by the network team. I have administrator privileges on the host.

I also have an Oracle Enterprise Linux 7 VM and that's able to connect to the internet from the browser, wget, curl etc, and I can update the installed software with yum with no problems. It's running Gnome there though.

There isn't an obvious system wide proxy setup on LXDE, unless you know better.

Server names, ip addresses etc are obfuscated in the following for obvious reasons.

Here's what I've tried:

/etc/environment:

I've set up http_proxy and https_proxy in various attempts and formats with and without the user and password, and with and without the http:// prefix. Currently, and working with Firefox using system proxy settings, my file looks like this:

Code: Select all

http_proxy="http://proxy_server:port"
https_proxy="http://proxy_server:port"
ftp_proxy="http://proxy_server:port"
no_proxy="localhost,127.0.0.1"
#
proxy_user=my_user
proxy_password=my_password
PROXY_USER=my_user
PROXY_PASSWORD=my_password
#
HTTP_PROXY="http://proxy_server:port"
HTTPS_PROXY="http://proxy_server:port"
FTP_PROXY="http://proxy_server:port"
NO_PROXY="localhost,127.0.0.1"
I've also tried this file with the username and passwords embedded in the settings for the various proxies, but no joy outside the browser.


/etc/apt/apt.conf.d/99proxy.conf:

In addition to the above in /etc/environment, I also have:

Code: Select all

Acquire::http::proxy "http://user:password@proxy_server:port";
Acquire::https::proxy "http://user:password@proxy_server:port";

Firefox works fine. When I open it and attempt to connect, it asks for my proxy credentials when I configure it with manual proxy settings of just the servername and port, no protocol or username/password - it fails to connect if I use either of those. If configured with "use system settings" it also works.

I'm unable to use wget or apt-get to update my installation. With wget in debug mode I get the following, for example:

Code: Select all

norm@vbMint19:~$ wget -d http://google.com
DEBUG output created by Wget 1.19.4 on linux-gnu.

Reading HSTS entries from /root/.wget-hsts
URI encoding = ‘UTF-8’
URI encoding = ‘UTF-8’
Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8)
--2018-10-19 11:28:44--  http://google.com/
Resolving proxy_server.domain.com (proxy_server.domain.com)... 1.2.3.4
Caching proxy_server.domain.com => 1.2.3.4
Connecting to proxy_server.domain.com (proxy_server.domain.com)|1.2.3.4|:1234... connected.
Created socket 3.
Releasing 0x000055fc97ee92b0 (new refcount 1).

---request begin---
GET http://google.com/ HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: google.com
Connection: Keep-Alive
Proxy-Connection: Keep-Alive

---request end---
Proxy request sent, awaiting response... 
---response begin---
HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
Via: 1.1 MORTMGS003
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 4138  

---response end---
407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
Registered socket 3 for persistent reuse.
Disabling further reuse of socket 3.
Closed fd 3
2018-10-19 11:28:44 ERROR 407: Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ).


With apt-get update, as root or with sudo, I get:

Code: Select all

Err:1 https://mirrors.ukfast.co.uk/sites/linuxmint.com/packages tara InRelease
  Invalid response from proxy: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )  Via: 1.1 MORTMGS003  Proxy-Authenticate: Negotiate  Proxy-Authenticate: Kerberos  Proxy-Authenticate: NTLM  Connection: close  Proxy-Connection: close  Pragma: no-cache  Cache-Control: no-cache  Content-Type: text/html  Content-Length: 726        [IP: 1.2.3.4 1234]
Err:2 http://archive.ubuntu.com/ubuntu bionic InRelease             
  407  Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ) [IP: 1.2.3.4 1234]
Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease     
  407  Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ) [IP: 1.2.3.4 1234]
Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
  407  Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ) [IP: 1.2.3.4 1234]
Err:5 http://archive.canonical.com/ubuntu bionic InRelease
  407  Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ) [IP: 1.2.3.4 1234]
Err:6 http://security.ubuntu.com/ubuntu bionic-security InRelease
  407  Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ) [IP: 1.2.3.4 1234]
Reading package lists... Done
N: Ignoring file 'proxy.conf.not.working' in directory '/etc/apt/apt.conf.d/' as it has an invalid filename extension
N: See apt-secure(8) manpage for repository creation and user configuration details.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic InRelease' is no longer signed.
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease  407  Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ) [IP: 1.2.3.4 1234]
N: See apt-secure(8) manpage for repository creation and user configuration details.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-updates InRelease' is no longer signed.
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  407  Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ) [IP: 1.2.3.4 1234]
N: See apt-secure(8) manpage for repository creation and user configuration details.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-backports InRelease' is no longer signed.
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  407  Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ) [IP: 1.2.3.4 1234]
E: Failed to fetch http://archive.canonical.com/ubuntu/dists/bionic/InRelease  407  Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ) [IP: 1.2.3.4 1234]
E: The repository 'http://archive.canonical.com/ubuntu bionic InRelease' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  407  Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ) [IP: 1.2.3.4 1234]
E: The repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

As far as I'm aware, the proxy, or something it might be proxy-ing to, is NTLM. I know that attempting to install or update some Ruby Gems (asciidoctor-pdf etc) fails as the gem command cannot work from behind an NTLM proxy. I've tried and the gem support people advised me of the NTLM problem with proxies. :(

I've been all over these forums, Ubuntu Forums and Google in general, and everything relevant says to either create environment variables in /etc/environment and for apt-get, to use a file in /etc/apt/apt.conf.d as above. It appears that nothing at all works.

It's mildly amusing, for certain values of amusing, that the Oracle Linux VM can do everything but Linux Mint cannot do anything, except browse the web. :(


Any assistance gratefully received, thanks.


Cheers,
Norm.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
NormanDunbar
Level 1
Level 1
Posts: 30
Joined: Thu Oct 25, 2012 11:46 am

Re: Problems getting Mint 19 LXDE to work with an NLTLM proxy.

Post by NormanDunbar »

There is no solution it seems. The problem isn't the actual proxy, it's that insidious "Forefron TMG" aka Microsoft Forefront Thread Management Gateway that's blocking me. :(

Cheers,
Norm.
Locked

Return to “Networking”