[solved] Getting trouble in configuring explicit proxy in zentyal 3.0

[Zent User]

No,file is downloading I was mistaken,nothing change I've made in middle. I've checked in IE also,result was same as of FireFox.

dig wpad.msserver01.lan

; <<>> DiG 9.8.1-P1 <<>> wpad.msserver01.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15064
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;wpad.msserver01.lan.      IN   A

;; ANSWER SECTION:
wpad.msserver01.lan.   259200   IN   A   192.168.6.1

;; AUTHORITY SECTION:
msserver01.lan.      900   IN   NS   msserver01.msserver01.lan.

;; ADDITIONAL SECTION:
msserver01.msserver01.lan. 900   IN   AAAA   ::1

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 21 16:13:29 2012
;; MSG SIZE  rcvd: 107

[christian]

BTW did you look at /var/log/apache2/wpad.msserver01.lan-access.log ?
It will tell you if your browser tries to access your file or not.
Keep also in mind while applying changes, that you may have to restart your browser.

[Zent User]

@ Christian,

         I've did how you have suggested,"Auto Proxy Configuration URL" is working fine,when I've given as "wpad.msserver01.lan/proxy.pac",then blocked sites are inaccessible,thanks Christian for your guidance.

        But "Auto Proxy detect" is not working,

From "HowTo"

wpad            IN      A       192.168.0.10  (your wpad address here... if CNAME is not used)
                    IN      TXT     "service: wpad:!http://wpad.yourdomain:80/proxy.pac"
wpad.tcp       IN      SRV     0 0 80 wpad.yourdomain.

    When I give dig wpad.msserver01.lan above things are not showing except "A record " though I've configured "TXT" as service:wpad:!http://wpad.msserver01.lan:80/proxy.pac and "SRV" as wpad TCP 0 0 80 wpad . If I did this,I'm almost done Christian.

[christian]

you do not use "dig" with the right syntax.
Default entry type is "A" 

If you want to "see" your TXT record along with your A record, type this:

dig wpad.msserver01.lan ANY

if you want to "see" your SRV record, try this:

dig _wpad._tcp.msserver01.lan -t SRV

BTW, did you:
1 - try with IE
2 - Look at /var/log/apache/...

[Zent User]

dig wpad.msserver01.lan ANY

; <<>> DiG 9.8.1-P1 <<>> wpad.msserver01.lan ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12898
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;wpad.msserver01.lan.      IN   ANY

;; ANSWER SECTION:
wpad.msserver01.lan.   259200   IN   A   192.168.6.1
wpad.msserver01.lan.   259200   IN   TXT   "service:" "wpad:!http://wpad.msserver01.lan:80/wpad.dat"

;; AUTHORITY SECTION:
msserver01.lan.      900   IN   NS   msserver01.msserver01.lan.

;; ADDITIONAL SECTION:
msserver01.msserver01.lan. 900   IN   AAAA   ::1

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 21 19:08:05 2012
;; MSG SIZE  rcvd: 170

dig wpad.msserver01.lan -t SRV

; <<>> DiG 9.8.1-P1 <<>> wpad.msserver01.lan -t SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57971
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;wpad.msserver01.lan.      IN   SRV

;; AUTHORITY SECTION:
msserver01.lan.      0   IN   SOA   zentyal-server.msserver01.lan. hostmaster.msserver01.lan. 16 900 600 86400 0

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 21 19:09:31 2012

         I hope everything is configured perfectly,once check SRV record. I've checked in "/var/log/apache2/wpad.msserver01.lan-access.log" it showing only the logs of when we tried with "Auto Proxy Configuration URL", it is not showing any logs after I changed to "Auto Proxy detect".

 Note : I've tried with "wpad.dat" so,replaced everywhere with "wpad.dat" in place of "proxy.pac" .

         Thanks.

[christian]

Again and again, did you try with IE (Internet Explorer) ?
And did you remember to restart your browser in order to test?

Then now that we have reached the "auto-discovery step", it deserves some explanations (based on this RFC draft)
First you have to understand that you are not obliged to implement EVERYTHING as browser is suposed to try first mechanism first, then the second, then third...
Available mechanisms are (in this sequence)

• Dynamic Host Configuration Protocol (DHCP)
• Service Location Protocol (SLP)
• "Well Known Aliases" using DNS A records
• DNS SRV records
• "service: URLs" in DNS TXT records

1 - In term of auto-discovery, first mechanism to be used is DHCP but you can't implement it using Zentyal GUI. Furthermore, IE (Microsoft) doesn't support it 

2 - Second mechanism is SLP: I don't know any implementation for WPAD 

3 - Then the DNS "well known alias", meaning DNS A record describing "wpad.yourdomain" : this is definitely supposed to be the easy  but I don't know how to implement it easily with Zentyal  Why  ?   because you can't set, using Zentyal GUI, any A record in Zentyal DNS for IP address matching Zentyal server itself (BTW, how did you achieve it, using GUI?) One way to do it still using GUI only is to set secondary IP on same interface and point your A record here. Hopefully, your vhost will listen on this interface too 

4 - DNS SRV record: quite easy using Zentyal GUI. The only potentially unclear point is that RFC draft is showing "wpad.tcp" while SRV record is supposed to be "_wpad._tcp" instead (referring to RFC2782). Need to update /etc/services first in order to set it up using Zentyal GUI

5 - DNS TXT record: this one is another easy (perhaps the easier) implementation 


What I notice in what you show is:
- that you succeeded creating A record for wpad while at this same IP address you have msserver01 
- there is a typo in your TXT record (I suppose due to error I made in my howto (fixed now). Your TXT record should look like this:

Code: [Select]

wpad   IN   TXT   "service:wpad:http://wpad.msserver01.lan:80/wpad.dat" which using dig shows:

Code: [Select]

wpad.msserver01.lan.   259200   IN   TXT   "service:" "wpad:http://wpad.msserver01.lan:80/wpad.dat"
I don't think there is any "!" before "http" but I need to check further why I made such mistake.

[peter_b]

Christian,

I admire your patience. Reading all post I wondered if it is really that hard to do. So I set it up as in your tutorial.
I used the DNS method adding an alias wpad. I also added a virtual host wpad.mydomain.lan
Copied your example of wpad.dat to /srv/www/wpad.mydomain.lan
Set up some filtering rules just to test.
Made a change in IE9 en Firefox and guess what.
All works just fine.
I took me about 10 minutes to do.
Great job!

Regards Peter

[christian]

Peter,

From pure technical standpoint, this is really not as difficult as it may looks first.
I would even say that if you have the very minimum technical background to understand what does what, this is pretty straightforward.
But for some user with different background, it may require more explanation. What is really difficult, from my side, it to guess what is not understood from the other side and I'm not very efficient with this 
On top of this, "Zent user" is also experimenting with DNS plus some other Zentyal aspects, reason why, I suppose, his platform is not as stable as need to focus on this simple WPAD implementation.

Anyway, for most admins, this is pretty easy and definitely the way to go when you really want to control stuff around HTTP proxy 

[Zent User]

@ Christian,

       I tried from my end but unable to implement "Auto detect proxy", I tried in IE also,its not working. I'm thinking that,I might be done wrong in DNS configuration.

       In DNS module,I've only one domain(msserver01.lan) in "Hostnames" tab I've one record: 'Hostname'(wpad),ip(192.168.6.1 which is eth1 IP(internal interface),Alias(wpad.msserver01.lan,www.wpad).

       In "Nameservers" tab : 'Hostname' (wpad), in 'TXT records' tab I've two records : one is for kerberos and other is of Hostname(wpad),TXT data( service:wpad:!http://wpad.msserver01.lan:80/wpad.dat),I'm getting doubt on TXT data record,is correct ? I've written as I've shown you.

      In 'Services' tab, Service name(wpad),protocol(TCP),Priority(0),Weight(0),Target Port(80),Target(wpad) along with some Kerbose records.

     Above information looks so foolish,but I don't find other way. I've doubt on the configuration,in above text which looks "bold". Please ensure that I'm configuration is correct for "Auto Detect Proxy".

     Thanks

[Zent User]

@ Christian,

    Just know I've checked by deleting the SRV and TXT records and once again I've given dig cmd,the output of dig does not showing any difference after /before deleting the SRV & TXT records. I think there is something wrong in these two records only.In "HowTo" page you have modified the SRV entry also from "wpad" to "_wpad._tcp" should we also modify entry in "/etc/services" ? Please once observe the dig outputs which I've posted in previous post.

[christian]

You're probably right thinking something could be wrong with DNS.
Let's try to make it simple: if you have only one A record (wpad), remove the WPAD SRV record and also the WPAD TXT record.
Aliases your added to wpad hostname are useless (for what concerns WPAD at least) remove it for testing purpose.

Feel free also to tell me how you can access msserver01.msserver01.lan if there is no DNS record matching it. Answer to this might help to understand what's currently wrong.

Once SRV and TXT records are removed, give a try again and let us know.

[christian]

Regarding DIG output and the HowTo:
I've modified it to introduce the "_" (underscore) because RFC2782 describes DNS SRV records with such underscore but it has been written after the RFC draft about WPAD. So I aligned with the newest.
No need however to change /etc/services files. Service is still "wpad" without underscore and no need to creat this service with underscore neither, ZEntyal interface will handle it for you transparently.

Again, try to make it simple: we will look at SRV and TXT records later. For the time being, remove it so that we can work on the "well known alias" method only.

[Zent User]

Let's try to make it simple: if you have only one A record (wpad), remove the WPAD SRV record and also the WPAD TXT record.
Aliases your added to wpad hostname are useless (for what concerns WPAD at least) remove it for testing purpose.

            I've removed SRV,TXT and aliases.

Feel free also to tell me how you can access msserver01.msserver01.lan if there is no DNS record matching it. Answer to this might help to understand what's currently wrong.

       Ya,there is only one hostname in my DNS i,e "wpad",but when I give "nslookup msserver01.msserver01.lan" then its pointing to my server ip only(192.168.6.1),the only thing I remembered is "I have given hostname of as msserver01" while install the Zentyal that's it,other records regarding "msserver01" is not exist.

[christian]

1 - Please show us DNS content for msserver01.msserver01.lan using dig command.
2 - once SRV and TXT records removed, is there any difference in the way auto-detection works ? Remember you will have to either only restart you browser or, because of changes at DNS level, clear client DNS cache or reboot (this is easier) your client before testing.

[Zent User]

dig msserver01.msserver01.lan

; <<>> DiG 9.8.1-P1 <<>> msserver01.msserver01.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45552
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;msserver01.msserver01.lan.   IN   A

;; ANSWER SECTION:
msserver01.msserver01.lan. 259200 IN   A   192.168.6.1

;; AUTHORITY SECTION:
msserver01.lan.      900   IN   NS   msserver01.msserver01.lan.

;; ADDITIONAL SECTION:
msserver01.msserver01.lan. 900   IN   AAAA   ::1

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Nov 22 13:47:47 2012
;; MSG SIZE  rcvd: 102

      There is no difference before/after removing SRV and TXT records in "Auto Detection" working,but "Auto Proxy configuration URL" is working fine.
      Every time I'm rebooting the systems( both client & server  ) if do any changes in DNS.