Slashdot Mirror

← Back to Stories (view on slashdot.org)

Non-Windows Clients Working Behind MS Proxy?

Posted by Cliff on from the when-will-they-ever-learn-to-play-fair dept.

ikekrull asks: "I am, like many, stuck behind an MS Proxy Server 2 'firewall'. MS Proxy Server 2, refuses to route anything that doesn't go through a Windows-only MS Proxy Client. Supposedly it supports SOCKS5, but I have heard from various people that this support is also broken except for Windows clients. Is there a way, short of replacing the MS Proxy server with something a little more sane, to make non-Windows Operating Systems work behind this 'firewall'? Can I run another piece of proxying software alongside Proxy Server 2 just to service my Linux machines?"

"Has anyone reverse-engineered the MS Proxy client and made a version that works with Linux? Would it be possible to run the windows proxy client under WINE (very doubtful i know). I would ideally like seamless access, the kind i get with my ipchains-based Linux box at home, but something that let me surf the Web, ftp, and telnet and SSH around would be ok.

I am real pissed off with the way that MS Proxy Server 2 has been deliberately engineered to work only with Windows clients, I didn't notice this mentioned in the anti-trust case, but it sure as hell should be.

Any help would be appreciated."

If Microsoft expects their server OS to be used as servers in heterogeneous environments, they really should start look at supporting clients that aren't Microsoft. Would it really be all that difficult?

17 comments

  1. Use Junkbuster by phil+reed · · Score: 4

    You can have Junkbuster substitute the User Agent header with something that the proxy finds more to it's liking.


    ...phil

    --

    ...phil
    "For a list of the ways which technology has failed to improve our quality of life, press 3."
    1. Re:Use Junkbuster by Java+Geek · · Score: 1

      Use PPPshar from http://www.pppindia.com/intl/pppshar Of course, you can disable port 80 in MS Proxy and install PPPshar. It is simple and works with all OSes.

  2. Is MS-Proxy really refusing to route? by Remote · · Score: 3
    I've recently had a similar problem, maybe it will shed some light on this long discussion :) : I'm in an NT network (which works damn fine, except for this problem I'm describing) and we used to have a proxy firewall. I used Netscape to browse. The sysadmin gave me a fixed IP and allowed me to ftp (which is not needed for my job but the guy is very nice and monitors everything). He asked me it I wanted to telnet outside our organization also but I declined. Everything was running ok. One day they switched the proxy software to MS-Proxy and I couldn't use Netscape any more. I talked to him and he told me that he suspected NS sends the password as plain text, whereas MS-Proxy expect them to be encrypted. It was kind of a wild guess from him, as I'm probably the only one in this 5,000 people organization that uses NS. He said he could go after the cause and a fix but I told him to let it be, he's pretty overloaded already.

    I did my own search and what I found is that it is probably an authentication issue, having to do with MS-Proxy expecting NT hashes instead of LAN hashes, which your Linux client is probably sending. I read in more than one place (unfortunately I can't give you a link) that it *can* be fixed, but nobody seems to know how!

    I'm not an NT network administrator, I'm probably missing something, I may be downright wrong, but if I am I would like to hear from more enlightened people.


    1. Re:Is MS-Proxy really refusing to route? by Remote · · Score: 1

      For the sake of clarity, what I mean by "it can be fixed" is that one has to configure MS Proxy to accept requests from non-NT clients.

    2. Re:Is MS-Proxy really refusing to route? by david-currie · · Score: 3
      I'm not sure if this is the same problem I have with the local HTTP proxy here running on NT/IIS, but a technical description of what is happening and how to implement the authentication for HTTP proxies is here and here respectively.

      Dave

    3. Re:Is MS-Proxy really refusing to route? by SEWilco · · Score: 3
      Yes, the usual problem with non-MS tools and MS Proxy is the NT Challenge/Response (NTLM) authentication, which is on by default. IE knows how to deal with it, but not others.

      The MS Support KB articles Q245237 and Q218484 try to describe how to change configuration settings to allow Netscape to work with MS Proxy (I'd give links, but the MS KB web format has broken links in the past -- and even the MS Home Page doesn't have the correct link to the current MS Support home page).

  3. Dante by divbyzero · · Score: 1


    According to Freshmeat, there is a program called "Dante" which might help. I haven't tried it myself, though.

    But my grandest creation, as history will tell,

    --
    But my grandest creation, as history will tell,
    Was Firefrorefiddle, the Fiend of the Fell.
    1. Re:Dante by AndrewSchaefer · · Score: 2

      I can't say enough about dante. It works well with M$ proxy server. The only problem is the authentication to it, which Microsoft has severely altered so that it isn't really Socks5 any more. What you do is get a 98 box /w proxy client on it, stick one of those cheap Socks 5 proxy servers on it, and then go to it as the proxy. Not pretty, but it works. Dante will act as a wrapper to your programs, so stuff like telnet and ftp will run just fine. I lived at a school that had a hellish NT setup and was elated to find out that I could actually get some work done. E-mail me with questions.

  4. Netscape for SCO work NP by grimmy · · Score: 1

    I used netscape at school when we where studying Unixware. All I did was point it to the proxy box and set the socks port. Never had any trouble.

    The proxy client is only for programs that don't support http-proxy or socks.

  5. Double Proxy? by True+Dork · · Score: 1

    Why not try putting a Windows NAT server on a workstation that is running the proxy client and point the non-Windows boxes at it as the gateway? I realize this is extra LAN traffic, but it could work.

    1. Re:Double Proxy? by ikekrull · · Score: 1

      Yes! this is exactly the sort of solution i need.

      I presumed this just wouldn't work, but now i think about it, it *should* work fine.

      A bit more network traffic is a small price to pay for feeling at home on my computer again.

      Thanks

      --
      I gots ta ding a ding dang my dang a long ling long
  6. Re:Double Negative? by ikekrull · · Score: 1

    Sure, but when youre stuck with a sys admin who 'just doesn't feel comfortable' working with anything that doesn't have a big, thorny Microsoft butt-plug attached to it, 'bad network grammar' seems to be a minor problem.

    If it was up to me, i would simply remove MS Proxy Server 2 and replace it with a Linux (maybe BSD) box running ipchains (or the BSD equivalent) and squid. I would do it on a smaller box, for less money, and it would perform better, be more transparent to the users, support more OSes, and need very little maintenance.

    I've told my sys admin all of this, and he thinks it would be a good idea, but basically, he's afraid of what happens when you try and remove that barbed butt-plug.

    Its been jammed tightly up his ass for years, and it's working its way slowly towards the brain.

    --
    I gots ta ding a ding dang my dang a long ling long
  7. Should work anyway by swmccracken · · Score: 1

    Doesn't using the thing as a normal web proxy on port 80 (that's not a typo -- port eighty, same as normal http) work? Does for proxy 1, so long as the administrator has installed the normal web proxy module. (Yes, it does work. I surf from linux at home to a proxy 1 installation at work via a NT RAS PPP server). Course this is only FTP and HTTP, but better than nothing. Odd that it's port 80.. but that's microsoft for ya

  8. Re:Is MS-Proxy really refusing to route? (url fix) by Jim+Buzbee · · Score: 3

    The first link in the above paragraph should be this

    Jim

  9. Related topic discussed by Etyenne · · Score: 1

    Similar problems where discussed here less than a month ago.

    --
    :wq
  10. If it's asking for security... by pigpogm · · Score: 1

    ...then it probably wants NT Challenge/Response security, and won't accept plain text. I've got a similar situation here - an MS Poxy Server that expects authentication, but various bits of client software that don't provide the authentication, or give it in the wrong format.

    What i've done here is to set up an NT Server running Poxy, that routes upstream through the existing Poxy. It authenticates with that Poxy, but doesn't require authentication itself.

    The result is, client app connects to 127.0.0.1:80 as a poxy, then my MS Poxy connects to the company's MS Poxy, using the authentication it's configured with. That connects out to the internet.

    Of course, if you've got any influence over the main MS Poxy server, you can just turn off the authentication.

    --
    PigPog.
  11. Two possibilities by The+Pim · · Score: 1
    1. Dante, which is mostly socks but has MS Proxy support.
    2. (Only if you have no luck with Dante.) Get the unsupported, discontinued pre-release of my version at http://pimlott.ne.mediaone.net/wsproxy/

    --

    The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.