Wednesday, December 18, 2013

Apt-get behind a corporate proxy: A tale of Ironport, 401 errors, and NTLM

I was trying to fetch packages via aptitude and apt-get, but I would get "ign" or "401 Authorization Required" when attempting it.  I knew we had a proxy set up and figured out where it was. I tried all the advice to use user:pass@domain as the http_proxy value directly to no avail, but NTLM was the way to get out in our Windows oriented shop. Oddly, wget would work to download the package indexes, but apt-get could not.

A tool called cntlm creates a little proxy at a specified port on your box which handles authentication with the real proxy. I found a good guide here* for how to set it up, but see my notes and added clarification about the config parameters below. Keep in mind that there will be trial and error if you have an uncooperative network security team in your organization. I had to figure out where the proxy was, the port to use, and masquerade the server as my desktop workstation to get it all going. Good luck, and don't give up. Once you get the settings right, this works flawlessly.

Parameters in /etc/cntlm.conf:
    1. username - Active Directory username
    2. domain - Active Directory domain
    3. workstation - Name of the workstation (feel free to spoof this to that of another machine, NTLM can't stop you)
    4. proxy - the ip:port of the proxy
    5. listen - the local port to use for relaying your traffic 
* Note that the value in the -M parameter value in "cntlm -H -M" had to be something other than the proxy itself (eg in order to work for me.

* Note that the guide I linked shows two separate hashes for the password (PassNT and PassLM), but you may only get one with NTLMv2 (PassNTLMv2) as shown at the bottom of the cntlm page. This is fine, and just paste that one line into your /etc/cntlm.conf.

Sunday, July 7, 2013

Linux Mint Overscan Woes

I fired up Linux Mint 15 because my Ubuntu distribution was looking a bit dated, and it had developed an overscan problem where the edges of the screen went off the monitor. I am using an nvidia graphics card with nvidia drivers.

The overscan was all screwed up on my 23 inch Hannspree monitor. It was listed as device DFP-1, and no resolution I could use in the nvidia-settings GUI menu would resolve the problem.

I needed to set a metamode to fix the overscan. I headed over to this page, and the metamode suggested worked perfectly with "DFP-0" altered to

DFP-0: 1920x1080 { ViewPortOut=1820x1020+50+30, ViewPortIn=1920x1080 } 

  1. sudo nvidia-xconfig
  2. gksudo nvidia-settings

Then plug your custom resolution configuration into nvidia-settings like so. Note that I had to manually select the 1920x1080 resolution or the settings below it wouldn't work right:

After that, hit apply. Then click save to X configuration file.

If you lose your settings after a restart, then you may be experiencing a problem that plagued me for a long time. My solution is HERE.