Installing Debian behind a Windows proxy
The Debian “netinst” or network installer is a great way to download only the packages you need when installing a Debian system. However, as you might have guessed from the name, an internet connection is required during the installation. This might pose a problem if you find yourself installing a Debian system in a (corporate) Windows environment where internet access is restricted by a web proxy that uses Microsoft’s Active Directory for user authentication.
At some point during the installation the Debian installer lets you
choose a download mirror and prompts you for the proxy settings. But no
matter in which format you try to enter the proxy address and user
credentials (e.g.,
http://user:password@proxyaddress:portnumber
or something
similar) the connection to the download mirror will probably fail and on
virtual console 4 the following error message will be displayed:
mirror does not support the specified release
This does not necessarily mean what it says; taking a look at the proxy logfiles may instead reveal the true cause of this error with an entry like this:
TCP_DENIED/407 GET http://ftp.de.debian.org/debian/dists/wheezy/Release
The status message TCP_DENIED/407 tells us that authentication with the proxy has failed. It seems as though the Debian installer can’t properly handle the Windows/NTLM authentication used by the proxy. Don’t despair though, there are ways to fix this.
Possibility 1: Messing with the proxy
If you are in control of the proxy’s configuration you can of course
just tell the proxy to allow access to the URLs
ftp.de.debian.org
(insert your local mirror here) and
security.debian.org
without any authentication. How to
achieve this depends on the proxy server software you are using.
With these settings you can omit any username or password and just
tell the Debian installer to use a proxy like
http://proxyaddress:portnumber
. Then the installation works
like a charm.
Since the proxy settings are automatically written to
/etc/apt/apt.conf
in the form
Acquire::http::Proxy "http://proxyaddress:portnumber";
any
package management operations like installing or updating software
packages will also work thereafter as long as the proxy allows access to
the relevant URLs.
Possibility 2: Doing a netinst without net…
If you are not willing or able to modify your proxy’s configuration you can proceed with the installation process without an internet connection: Just skip the selection of a download mirror. The Debian installer will then continue without any problems and install a very minimal system.
… and adding internet access afterwards
Although you now have a perfectly working system you probably will want to install additional software packages or do other things that require internet access soon after the installation.
To do so, you can make Debian play nicely with an Windows/AD integrated web proxy using cntlm as described in a previous blog post. However, if you installed a minimal system without any internet connection, you obviously cannot install cntlm the usual way via aptitude or apt-get.
Instead, get the appropriate (32 or 64 bit) package for your system as a .deb file from the cntlm sourceforge site. You will of course have to do this on another computer which already is connected to the internet. Copy the .deb file to your newly installed system (e.g., via a USB drive or a web server in your local network) and install it with the following command (insert the name of your downloaded file):
sudo dpkg -i cntlm_0.92.3_amd64.deb
Then configure cntlm as described in the abovementioned blog post.
Finally, tell your system what download mirrors to use. This is
necessary because if you skipped the selection of a download mirror
during the Debian installation your system cannot know where to look for
software repositories. You have to add download mirrors manually in
/etc/apt/sources.list
, consisting of lines like this:
deb http://ftp.de.debian.org/debian/ wheezy main
Now you can install whatever software packages you need.