Validate IP addresses and the systems are reachable on the network

Getting Started - The Preparatory Steps

To keep the discussion easy to understand and replicate, we will use an example and set out the process as an ordered sequence of steps. We also include validation steps, so that you can confirm each step was carried out correctly.
In our example:
We are using a Linux-based host for deploying our Kerberos-based SafeSquid.
  1. FQDN of our Linux host: sabproxy.safesquid.test
  2. IP address of our Linux host: 192.168.221.222
We have a Microsoft Windows AD setup.
  1. FQDN of Microsoft AD Domain: safesquid.test
  2. FQDN of Domain Controller: ad.safesquid.test
  3. IP address of our Domain Controller: 192.168.221.1
We will additionally use a Windows Desktop, just for the purpose of validating our efforts.
  1. FQDN of our Windows Test Desktop: windows7.safesquid.test
  2. IP address of our Windows Test Desktop: 192.168.221.212
System                     FQDN                       IP address
Linux machine              sabproxy.safesquid.test    192.168.221.222
Windows Active Directory   ad.safesquid.test          192.168.221.1
Windows Test machine       windows7.safesquid.test    192.168.221.212

Network Connectivity

On EACH of the 3 computers above, do the following:
  1. ping the Linux host IP address
  2. ping the Domain Controller IP address
  3. ping the Windows Test Desktop IP address
Run the commands below on the Linux console (PuTTY):
    ping 192.168.221.222
    ping 192.168.221.1
    ping 192.168.221.212
If any of the above is unsatisfactory, fix the TCP/IP network configuration before proceeding.

Validate that all our systems are using the same DNS provider

In a Microsoft AD based network, it is highly recommended to use the DNS provider that usually defaults to the Domain Controller itself.
On the Windows systems, the DNS servers are specified in the TCP/IP configuration.
On the Linux host, view /etc/resolv.conf and confirm that it reads as shown below.
Run the command below on the Linux console (PuTTY):
    vim /etc/resolv.conf
The file should contain:
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    search safesquid.test
On EACH of the 3 systems, use nslookup as follows to confirm that DNS is effectively serving our requirements.
Run the commands below on the Linux console:
    nslookup sabproxy.safesquid.test
    nslookup ad.safesquid.test
    nslookup windows7.safesquid.test
Sample output:
    root@sabproxy:~# nslookup sabproxy.safesquid.test
    Server:         127.0.0.1
    Address:        127.0.0.1#53
    Non-authoritative answer:
    Name:   sabproxy.safesquid.test
    Address: 192.168.221.222
    root@sabproxy:~# nslookup ad.safesquid.test
    Server:         127.0.0.1
    Address:        127.0.0.1#53
    Non-authoritative answer:
    Name:   ad.safesquid.test
    Address: 192.168.221.1
If any of the above is unsatisfactory, fix the DNS server configuration by restarting the service or rebooting the Domain Controller host before proceeding.
For example, a failed lookup looks like this:
    root@sabproxy:~# nslookup ad.safesquid.test
    Server:         127.0.0.1
    Address:        127.0.0.1#53
    server can't find ad.safesquid.test: NXDOMAIN
If you face the issue shown above, check that the monit service is running and verify the following.
While configuring SSO authentication, if you give the FQDN\IP in this format and select the Bind method "Negotiate", SafeSquid will create a stub zone for DNS resolution of your Active Directory server.
After you complete the entire configuration and save the entry, the stub zone file is created automatically with the name safesquid.dns.conf.
It is created at the following path (verify it):
    /usr/local/safesquid/security/dns
It is also copied automatically to the following path (verify it):
    /etc/bind/
(Note: the monit service must be running.)
    root@sabproxy:/usr/local/safesquid/security/dns# cat safesquid.dns.conf
    zone safesquid.test {
    type stub;
    masters {192.168.221.1;};
    };
    root@sabproxy:/etc/bind# cat safesquid.dns.conf
    zone safesquid.test {
    type stub;
    masters {192.168.221.1;};
    };
If safesquid.dns.conf is empty, configure LDAP for SSO authentication properly from the SafeSquid Web GUI, and then repeat the steps above to verify.
Note: Monit service should be running.
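The nslookup checks in this section can be scripted so that a missing or unexpected answer for the Domain Controller is caught on every system. The following is an added example, not part of the original SafeSquid guide: the function names answer_ip and verify_host are hypothetical, and the sample transcripts are copied from the nslookup output shown above.

```sh
#!/bin/sh
# Added example: validate nslookup answers against this guide's host table.

# Print the answer address from nslookup output read on stdin.
# The resolver's own "Address: 127.0.0.1#53" line comes before "Name:" and is
# skipped; nothing is printed when the lookup failed (e.g. NXDOMAIN).
answer_ip() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address:/ { print $2; exit }'
}

# verify_host FQDN EXPECTED_IP   (nslookup output on stdin)
# Returns 0 on a match, 1 on an unexpected address, 2 when there is no answer.
verify_host() {
    got=$(answer_ip)
    if [ -z "$got" ]; then
        echo "FAIL $1: no answer (NXDOMAIN or resolver problem)"
        return 2
    elif [ "$got" != "$2" ]; then
        echo "FAIL $1: resolved to $got, expected $2"
        return 1
    fi
    echo "OK   $1 -> $got"
}

# Sample transcripts copied from the nslookup output shown in this guide.
sample_ok() {
    cat <<'EOF'
Server:         127.0.0.1
Address:        127.0.0.1#53
Non-authoritative answer:
Name:   ad.safesquid.test
Address: 192.168.221.1
EOF
}
sample_nxdomain() {
    cat <<'EOF'
Server:         127.0.0.1
Address:        127.0.0.1#53
server can't find ad.safesquid.test: NXDOMAIN
EOF
}

sample_ok       | verify_host ad.safesquid.test 192.168.221.1
sample_nxdomain | verify_host ad.safesquid.test 192.168.221.1 || true

# Live use on each system:
#   nslookup ad.safesquid.test | verify_host ad.safesquid.test 192.168.221.1
```

A return code of 1 (an address other than the expected one) deserves the same attention as NXDOMAIN, since Kerberos traffic would then be sent to a host that is not the Domain Controller.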

Validate that each of the systems has the same time and, preferably, the same timezone

Ensure that the time remains synchronized across all 3 systems.
Confirm time synchronization using the command below (use the IP address or the FQDN):
    root@sabproxy:~# ntpdate sabproxy.safesquid.test
    17 Apr 11:31:44 ntpdate[20275]: the NTP socket is in use, exiting
    root@sabproxy:~# ntpdate 192.168.221.222
    17 Apr 11:32:20 ntpdate[20276]: the NTP socket is in use, exiting
The message "the NTP socket is in use" indicates that another process on this host, typically the NTP daemon, already holds the NTP port.