cntlm and bluecoat

Issues related to configuring your network
D8TA
Posts: 33
Joined: 2010/01/27 20:45:39

cntlm and bluecoat

Post by D8TA » 2015/06/10 13:58:45

I am coming from a SUSE server where I am more familiar with how things work and where config files are located. I'm trying to get a better understanding of CentOS to help reduce subscription costs associated with our SLES machines and be more "open" in terms of both the OS and management tools like Spacewalk.

Anyways, I have CentOS 7 up and running, the latest version downloaded from the site as of two days ago. In the SLES environment I need to leverage cntlm, which I proxy out on port 3128 so I can get to the outside world for both updates and regular communication, web, ftp, etc. We use Bluecoat, which don't get me started :), and certificates for browsing. I have installed cntlm and configured it the same way as I have on my SLES server, but I can't figure out the proxy stuff on CentOS 7. I go under Settings | Network | Network proxy and change Method to Manual, and for the HTTP and HTTPS Proxy have 127.0.0.1 3128, yet when I run a netstat -an | grep 3128 it isn't listening. I have the cntlm config set up to use 3128, and on the SLES server everything is working and I can hit the update channels and transfer files just fine from the outside. On the CentOS 7 server I get this message, which indicates something isn't started. I haven't disabled SELinux as I was wanting to try and understand how to manage that as well during this process. Any helpful tips to get this working?

yum update
Loaded plugins: fastestmirror, langpacks
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7 ... nfra=stock error was
14: curl#7 - "Failed connect to localhost:3128; Connection refused"


One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:

1. Contact the upstream for the repository and get them to fix the problem.

2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).

3. Disable the repository, so yum won't use it by default. Yum will then
just ignore the repository until you permanently enable it again or use
--enablerepo for temporary usage:

yum-config-manager --disable <repoid>

4. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:

yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

Cannot find a valid baseurl for repo: base/7/x86_64

D8TA
Posts: 33
Joined: 2010/01/27 20:45:39

Re: cntlm and bluecoat

Post by D8TA » 2015/06/10 14:06:06

Here is more information from the logs:

Jun 11 07:05:18 localhost cntlm: Starting cntlm version 0.92.3 for LITTLE endian
Jun 11 07:05:18 localhost cntlm: Proxy listening on 127.0.0.1:3128
Jun 11 07:05:18 localhost cntlm: Workstation name used: testcentosserver1
Jun 11 07:05:18 localhost cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)
Jun 11 07:05:18 localhost cntlmd: Starting CNTLM Authentication Proxy: [ OK ]
Jun 11 07:05:18 localhost cntlm[56648]: Daemon ready
Jun 11 07:05:18 localhost cntlm[56648]: Changing uid:gid to 991:989 - Success
Jun 11 07:05:18 localhost cntlm[56648]: Error creating a new PID file
Jun 11 07:05:18 localhost systemd: Started LSB: start/stop the cntlm proxy

rivaldid
Posts: 3
Joined: 2015/10/08 10:15:17

Re: cntlm and bluecoat

Post by rivaldid » 2015/10/08 10:28:54

I had the same problem; it runs with the same machine on localhost and not by remote, the Windows machine.
To get access from the remote machine I have to launch it with this command line: cntlm -v -c /etc/cntlm.conf. It looks like an init script not working properly, but I had a look and didn't find an issue. Any idea?

rivaldid
Posts: 3
Joined: 2015/10/08 10:15:17

Re: cntlm and bluecoat

Post by rivaldid » 2015/10/08 19:06:55

Fixed "Error creating a new PID file" in this way:
mkdir /var/run/cntlm
chgrp cntlm /var/run/cntlm/
chmod g+w /var/run/cntlm/
systemctl start cntlm.service
I'm working on another fix to get cntlm history logged. I'm using the official RPM for CentOS built by the official site.
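
An added example, not part of the post above and not from the cntlm package: it detects the PID-file error in log text, checks the directory state that the mkdir/chgrp/chmod sequence produces, and writes a tmpfiles.d drop-in so the directory survives a reboot. The path /run/cntlm, the drop-in name cntlm.conf and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or the cntlm package.
# Assumed names: PID directory /run/cntlm, drop-in file cntlm.conf.

# Two lines from the log posted above, used as sample input.
SAMPLE_LOG='Jun 11 07:05:18 localhost cntlm[56648]: Changing uid:gid to 991:989 - Success
Jun 11 07:05:18 localhost cntlm[56648]: Error creating a new PID file'

# Read log text on stdin. If cntlm reported the PID-file error, print the
# uid:gid it dropped to and return 0; otherwise return 1.
pidfile_failure_ids() {
    awk '
        /cntlm\[[0-9]+\]: Changing uid:gid to /          { ids = $(NF-2) }
        /cntlm\[[0-9]+\]: Error creating a new PID file/ { found = 1 }
        END { if (found) print ids; exit (found ? 0 : 1) }'
}

# True when $1 is a directory whose group is $2 (name or numeric gid) and
# which is group-writable: the state mkdir + chgrp + chmod g+w produces.
pid_dir_ok() {
    [ -d "$1" ] || return 1
    grp=$(stat -c %G "$1"); gid=$(stat -c %g "$1"); mode=$(stat -c %A "$1")
    [ "$grp" = "$2" ] || [ "$gid" = "$2" ] || return 1
    case "$mode" in ?????w*) return 0 ;; *) return 1 ;; esac
}

# /var/run is a symlink to /run (tmpfs) on CentOS 7, so a directory made
# with mkdir is gone after a reboot. Write a tmpfiles.d(5) drop-in so it is
# recreated at boot. $1 = root prefix ("" on a real host), $2 = group.
install_dropin() {
    mkdir -p "$1/etc/tmpfiles.d" || return 1
    printf 'd /run/cntlm 0775 root %s -\n' "$2" > "$1/etc/tmpfiles.d/cntlm.conf"
}

# Demo on the sample input: prints 991:989
printf '%s\n' "$SAMPLE_LOG" | pidfile_failure_ids
```

On a real host, run `install_dropin "" cntlm` as root, then `systemd-tmpfiles --create /etc/tmpfiles.d/cntlm.conf` to create the directory without rebooting.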

rivaldid
Posts: 3
Joined: 2015/10/08 10:15:17

Re: cntlm and bluecoat

Post by rivaldid » 2015/10/09 10:07:42

OK, journalctl is the answer. Thanks.
