Tag Archives: order

How to Install Squid with Active Directory Authentication on Debian

How to Install Squid with Active Directory Authentication on Debian

Squid is a caching proxy software, licensed under GNU GPL, (free software).
It can help your Organization to reduce bandwidth and improves response times by caching and reusing frequently-requested web pages.
Squid has extensive access controls and if you don’t mind Command Line Interface is not too hard to configure. It runs on most available operating systems including Windows.
The following article is a step by step HOW TO Install Squid on Debian. Most of the steps are easily applicable to any other Linux distribution such as: RedHat, Suse, Ubuntu, etc…

Hardware requirements

Choose the machine wisely – if you are running a 50 computers Network a PIII should be enough provided that all you do is Web Caching and Filtering.
The memory is the most important and after that the disk speed. If you plan your proxy for a bigger Network you should consider using SCSI drives or SAS, and a faster CPU.
Memory requirements are explained later in the document.

Package Installation

Instal Debian minimal. The install cd, (only 650Mb) should be enough for this.
Reboot after installing and add packages with Aptitude (grafical interface) or "apt-get install program".
Add the following packages:
Openldap
Samba
Kerberos apt-get install krb5-{admin-server,kdc}
PAM apt-get install libpam0g-dev
Squid
Apache if you want proxy Auto-Configuration apt-get install apache2
Dansguardian if you need advanced WEB filtering
SARG if you want a log analyzer for your WEB access/filter

– – – – – – – – – – – – – – – – – – – – – –

Configure Samba

Samba is going to be used for authentication.
Note that if you run squid in transparent mode the authentication will not work.

#nano -w /etc/samba/smb.conf

Add or remove daemons to autostart
#update-rc.d  winbind defaults
#update-rc.d  samba defaults

– – – – – – – – – – – – – – – – – – – – – –
[global]
netbios name = proxy
realm = SUBDOMAIN.DOMAIN.ROOT
workgroup = SUBDOMAIN
security = ADS
password server = server1.subdomain.domain.root server2.subdomain.domain.root
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
idmap uid = 10000-20000
domain master = no
local master = no
preferred master = no
winbind enum groups = yes
winbind enum users = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind use default domain = Yes
encrypt passwords = yes
log level = 5 passdb:5 auth:10 winbind:5
server string = proxy
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = no
syslog = 0
encrypt passwords = true
load printers = no

– – – – – – – – – – – – – – – – – – – – – –
Do not add other parameters to the configuration file as they are not needed.
You can always tweak your configuration file later on if you need additional tweaking. If you do need further modifications do one at a time and test it extensively before release to production.
After editing smb.conf run the following command
# testparm
This will test your samba configuration file against any errors.
If there are no errors restart samba:
proxy:~# /etc/init.d/samba restart
proxy:~# /etc/init.d/winbind start
– – – – – – – – – – – – – – – – – – – – – –
Add the server to the domain
#net ads join "Ottawa Computers/Servers" -U Administrator -S server1.sub-domain.domain.edu
If you have Windows 7 you might get this in your /var/log/samba/log.wb: "NTLM CRAP authentication for user returned NT_STATUS_INVALID_PARAM"
If you get it follow the instructions below to tell Windows to use NTLM version1. Note that this is a security downgrade and it opens the door for an SMB man-in-the-middle attack. Asses the risks and the advantages before you do the change.

Run local GP on W7 gpedit.msc and look for:
Local Policies Security Options Network security: LAN Manager authentication level
Change from "Not Defined" to "LM & NTLM – Use NTLMv2 session if negotiated"
– – – – – – – – – – – – – – – – – – – – – –

Configure Squid

Make a backup copy of the default configuration file:
# cp /etc/squid/squid.conf /etc/squid/squid.conf.original
Edit the file squid.conf:
#nano –w /etc/squid/squid.conf
Replace everything in the file with the below text:

– – – – – – – – – – – – – – – – – – – – – –

#Proxy configurationuration - /etc/squid.squid.conf

# AUTHENTICATION
# -----------------------------------------------------------------------------
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid Proxy Server
auth_param basic credentialsttl 2 hours
acl authenticated_users proxy_auth REQUIRED
http_access allow authenticated_users
auth_param ntlm keep_alive on

# ACCESS CONTROLS
# -----------------------------------------------------------------------------
#Deafult acl’s
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

#Declare your local network and any additional subnets
acl localnet src 192.168.100.0/24                # RFC1918 possible internal network
#acl remotesite src 192.168.200.0/24

#You would like that some of the users to be excluded from the logging.
###acl bosses src 192.168.100.255/30
###log_access deny bosses

#Tell Squid to not log google.ca
#Define the acl for google using regex
acl google url_regex ^http://www.google.ca
#Deny logging the acl
log_access deny google

#Allow the access for your localnet.
http_access allow localnet
#http_access allow remotesite

#Define allowed ports
acl SSL_ports port 443                    # https
acl SSL_ports port 563                    # snews
acl SSL_ports port 873                    # rsync
acl Safe_ports port 80                    # http
acl Safe_ports port 21                    # ftp
acl Safe_ports port 443                  # https
acl Safe_ports port 70                    # gopher
acl Safe_ports port 210                  # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280                  # http-mgmt
acl Safe_ports port 488                  # gss-http
acl Safe_ports port 591                  # filemaker
acl Safe_ports port 777                  # multiling http
acl Safe_ports port 631                  # cups
acl Safe_ports port 873                  # rsync
acl Safe_ports port 901                  # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 3128

# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
#The memory needed for caching used files. The more you have the faster works. (No disk access.)
cache_mem 256 MB
#Objects bigger than this should be stored on the hard-drive. This can be lower than 8kb if your server has little memory.
maximum_object_size_in_memory 8 KB

# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
#Make sure you have enough space. And mount this on a fast disk or a raid0.
##cache_dir ufs /var/squid/cache 1000 16 256
cache_dir diskd /var/squid/cache 500 16 256

#This is extremely useful if your users download big files. You can even increase this depending on usage.
maximum_object_size 40960 KB

# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
#This logging format includes the date the address requested the IP address of the requestor and the AD user who made the request.
#Human resources need to know what your users browse during the workday.
logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
#Where to store all of this data.
access_log /var/log/squid/access.log squid

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
cache_mgr admin@mycompany.net
mail_from squid@ mycompany.net
visible_hostname proxy

# DNS OPTIONS
# -----------------------------------------------------------------------------
##You have the option to use the ISP’s DNS here
# dns_nameservers 10.0.0.1 192.168.0.254
hosts_file /etc/hosts
uri_whitespace allow
http_access deny all

#### --- End of the configuration file --- ####

– – – – – – – – – – – – – – – – – – – – – –

Run the command squid –z to let squid create the necessary directories.
#squid –z
Add the squid daemon to auto-startup, on a Debian machine the command is: 
#update-rc.d  squid defaults
Start squid
#/etc/init.d/squid start

Suggestion:
Test squid without authentication first. If this works go to the next step.
To test without authentication, comment all of the parameters in the Authentication section by adding the “#” sign at the beginning of line and restart squid.

Add or remove daemons to autostart
cd /etc/init.d/
update-rc.d  winbind defaults
update-rc.d -f apache2 remove

Tweaking performance on SQUID

A few settings that can dramaticaly improve the performance on your proxy:

cache_dir ufs /var/spool/squid 1000 50 256
This is the default Squid storage type configuration.
Change the storage type from ufs to aufs if using a Linux or variants.
Change the storage type from ufs to diskd if using BSD or variants.
If you use Windows, is probably for testing purposes, or because you don’t have a machine. Once the testing is done change to Linux or BSD.
The numeric parameters are:
First parameter is the amount of disk space in Mbytes to be used by Squid. The more you use the more physical memory (RAM) you need for indexes in order to be effective.
The rule is that you need
If you want to use the whole drive’s, (partition), space make sure you subtract 20% and use that value. In other words you can only use 80% of the drive.
The second and third parameters are the number of first and second level subdirectories that are created.

cache_mem 64 MB
The more memory you have the better it performs. Local, (cached), objects are much faster to retrieve than external ones.
The more local objects you can store the faster Squid responds.
Squid uses cache for many things other than memory cache, so make sure you have enough memory left when you configure cache_mem.

Memory cache is better for speed than disk, but is lost more easily and you can get bigger cache total spending RAM on indexes.

maximum_object_size 20480 KB
Today’s Internet usage contains has a lot of traffic in the 2MB to 200MB range. This traffic is comprised of multimedia objects, update files, etc.
You need to investigate your traffic and see what is a good number for you.

maximum_object_size_in_memory 64 KB
If you have little memory keep the default 8 KB. It is better to serve more fast pages from memory than a few slow pages that will run faster.

Check if your proxy works and if is logging properly the access.
On your proxy machine run the following command to see realtime access on the proxy: tail -f /var/log/squid/access.log On a client computer open the browser of your choice and change Networking options so that the browser uses the newly installed proxy.
Start to browse and look on the proxy’s console to see your activity logged.

How to Troubleshoot Internet Connection Speed

Who didn’t have problems with the Internet speed at least once? OK, many of us, but as an IT professional I always meet and talk to the people who did have problems with their Internet Speed.
I hate to be run through standard procedure, which by the way I know by hearth, (I used to work in an ISP call center). You probably hate it too. If your problem is the Internet connection you will probably have to talk to an agent anyway, but, (with the help of my article), you will know from the start what’s wrong with your Internet connection.

Step 0 – Never Assume

First think I have learned in the Call Center was to never assume. Many times, when people call the Help Line they have a “pretty good idea” of what’s the problem. Usually they are wrong. Don’t do this mistake, do not presume or, do not presume without checking the facts. We hate the Call centers for making us do stupid things, check things that we don’t need to. The truth is that in most of the cases we overlook things and going by the book helps.
When we open up a browser and there is an error message “Page not found” we immediately assume that the connection is to blame. In fact many times this is just a temporary problem of our home page site. Try a different address to see if the connections is down or the home pages’s website is down. Try google.com for instance or ibm.com, or bing.com; if these don’t work it could be the connection

Step 1 – Try a reboot

Almost every time a reboot solves the problem. This might sound anecdotic but it actually works in many cases. Reboot the computer, reboot the modem, reboot the router behind the modem.

Isolate the problem
First of all we need to know that the problem is not in the network.

  • Use a computer that you are sure is not infected by any Mallware. Connect it directly to the DSL device, cable modem, or other type of modem.
  • Do not use the wireless; connect the computer with a network cable. This way you are testing the connection and nothing else.
  • As already mentioned, you need to make sure your computer works fine and is not infected. Use antivirus and antispyware if needed.
  • If you are not sure about the health of your computer you can always boot from a Live Linux CD. On the Live CD you will have a browser and other useful tools.
  • Once the system is up and you are connected to the Internet, test your connection with one of the free online services. Google-it and you will find many online DSL speed test websites. If the speed is OK then, the problem is in your computer, or your network, go to step 4.
  • Step 2 – Modem troubleshoot

    If the DSL speed test failed, (no connection or slow speed), you have a few things to try before calling the ISP
    Usually, for a DSL connection, the telephone line is shared with another device, a fax or a phone. Some of us have a separate line for DSL or they don’t even have a phone line, they only have a dry loop. If you don’t understand any of these you most likely don’t have it.

  • If you share the DSL line with another device you need to connect this second device through a DSL filter. I must stress: EVEN IF IT WORKED before without it, you must have the filter.
    DO NOT run the DSL line through a filter, you’ll only break your Internet Connection, only the phone or the fax, or Credit Card processing device, etc…
  • Check all the physical connections of the Modem Device, R6 or RJ11 or the RJ45 connectors and make sure that they are tight they don’t have the locking pins broken, etc…
  • For a DSL connection the length of the phone cable could be critical, so use the original cable, (the short one), provided with the modem at least for the testing period. The reason is because the length of the pair from the CO to your place can be at its length limits, it happens more often than you think. If you pass this limit your connection stability will be penalized. Another reason is because a long cable is more difficult to examine for defects than a short one.
    If needed, use a longer network cable to connect a device in the house. The network cable, (UTP – unshielded twisted pair), can go up to 100m (300 feet).
  • Some electric devices can interfere with the modem; avoid placing it near such devices.
  • Look at the modem’s lights. If the DSL light is off there is no service.
  • If there is no connection at all, (No DSL light), check the phone to see if you have a dial tone.
  • If the modem connects to a separate wall jack bring a phone and check if you have a dial tone, you might have a dial tone in the bedroom and not in the office.
  • Similarly check if there is TV service, if there is no TV service then most likely it is a bigger problem at your cable provider.
  • Look for the DSL filter as described above.
  • Check the LAN light on the modem. If the LAN LED is off your computer’s network adapter might be defective, or disabled, or the UTP cable that connects the computer with the modem might be defective. There is a chance that the modem’s LAN interface is defective.
  • If you have a solid DSL light, (check the modem’s manual, manufacturers have different signalling for established DSL connection), and you don’t have a connection check the password for the connection.
  • Step 3 – Connect to Your Modem’s Administration Interface

    All of the modern modems have a WEB Administration Interface. The admin Interface is usually accessible via a WEB browser. It lets you configure the authentication and other different settings.
    In order to administrate your modem you need the following:

  • The administrator’s password to access your router. If you don’t have it you can perform a hardware reset using the reset button located on the modem. You need to use a pin to press the button. This will reset all of your modem’s setting, including the admin password, to the factory defaults.
  • The IP address of the router. If the modem has its DHCP server started, (by default yes), it will lease your computer an IP address and provide it with other IP configuration settings such as: “Default Gateway”, netmask, and DNS. The important part is the gateway’s IP address as this is your modem’s internal interface and this is what you need to access your router’s web Interface. You can find all of this information by issuing the following command in a command prompt window with elevated rights, (admin credentials):
    ipconfig /all
    After issuing the command you will get a screen similar to this one. Note that the “Default Gateway” is the address of your modem.
    IPCONFIG
    In a web browser type: http://IPADDRESS where IPADDRES is your router.
    For instance if your router’s (gateway) IP address is 192.168.200.1 the address you are looking for is: http://192.168.200.1.
  • Once connected to the web interface you need to enter the authentication details. If you don’t have them you have to call your ISP which will make a reset after security verification.
  • If all of the previous steps did not solve the problem call your ISP. They might ask you to redo all of the steps above and maybe more. Be patient, they are just doing their job, they never assume, or they shouldn’t. The second they let themselves drawn into your speculation they make the same mistake as you do.

    Step 4 – Correct the problems behind the modem

    If the connection is OK the problem is behind the modem. This problem could be anything in your network.
    Some suggestions are:
    The router – many times the router can slow down your network. Try a reboot. If that doesn’t work try another model or another manufacturer. Do an upgrade of the firmware. Check the router’s configuration and try a default stripped down configuration.
    The computer – most of the times, the slow performance over Internet is actually the poor performance of a computer. This is a dense material that is treated in a separate article which you can find here: How to Refresh your Computer speed (coming soon).
    The network – many times a poor network will penalize al sorts of network traffic not only Internet. This makes the subject of another article here: How to Troubleshoot Your LAN, (Local Area Network). (coming soon)

    Ask me any technical question in the comments area so I can update the document or answer you directly on the comments. I would like to make this article as useful as possible.

    Business Domain Name Registration and Trademark Protection

    Domain name registration is an important step for any business. Almost all businesses need to be online even if only for PR. Sometimes business owners don’t have all the information in order to take a decision regarding a Domain Name. This happens because of high level of technical information, not enough literature on the subject, and a lot of time misguided information.

    What is a Domain Name?

    Domain Name www
    www

    Every domain name contains two or more components separated by periods, called “dots”. The last part of the address, (com, net, org, us, ca, uk), is called the “Top Level Domain”. The second part of the domain is what the “Second Level Domain”. Examples of Second Level Domain are: com.uk, or on.ca. The Second Level Domains are a great way to organize geographically or functional the Domain Names, (on.ca for example is the SLD for Ontario – Canada).

    It is also possible to have sub-domains such as “subdomain.yourdomain.com”. I own, for instance, www.head-massage.net. I could choose to split my traffic and content between multiple websites and assign them different sub-domain names such as: practitioner.head-massage.net, directory.head-massage.net, articles.head-massage.net, etc… That is a Web Marketing or technical decision.

    A domain name is hierarchical and most common offers information about the type of entity using the domain name. However, for an additional charge, you can choose to keep that information private.

    Why do we need a domain name?

    A domain name is always needed when you want to be present on the web. It is a way to translate your server’s address into a nice looking address. Who can remember a web address like 192.168.196.231? Not me… For me, and most of us, it is easier to remember a name like dorianblog.info.

    Your Domain Name is your property on the Internet. It is the name of your space on Internet. Since it represents you and your company you want make it look good.

    Marketing and PR are other two major reasons. You want to brand your Web Site and personalize it.

    Search Engine ranking is another reason. There is been a lot of discussions on this subject and it seems that Search Engines such as Google, Yahoo, Bing, etc. are taking in consideration the domain name of your website in their ranking algorithm.

    Trademark protection is so important these days and if you don’t use a domain name that sounds like your company name someone else will use it, and reap off the benefits.

    How to choose a good domain name

    There is no absolute formula for choosing your domain name but there are some guidelines. These guidelines along with a good Marketing strategy, can give you an idea of what domain name or names you should choose.

    Some of the guidelines are the following:

    • Try to make your domain name as short as possible. This makes it easier to remember and get the attention of your visitors.
    • It has to be as short as possible. People have to remember the name easily.
    • It has to have a meaning, something that people can relate to easily. You can’t name your website tmmfalfbte.com because this is the acronym of your book: “The Massage Manual For All Levels From Beginner to Expert”.
    • It has to be related to your company name or to your products or to a specific Marketing Campaign.
      I have dorianblog.info, (my name + blog), and the other one is head-massage.net, (obviously the name says it all is about Head Massage). If I had enough money and energy to finish my project to write a book about massage I would promote it through an alternate website, (part of my Marketing Campaign), let’s say learntomassage.tv which is not yet registered.
    • This last example leads me to the next question what TLD, (Top Level Domain), should I choose. If you can, stick to the designation of the TLD. For example .com is for commercial institutions, .org is for noncommercial organizations, etc… But this isn’t extremely important.

    Other TLD, (Domain Name Extensions), are:

  • .edu — for educational institutions, (you have to prove you are an educational institution and are allowed only one name), .net — for network infrastructure providers, (the initial designation has been lost),
  • .gov — for governmental entities in US – restricted,
  • .mil — for military entities in US – restricted,
  • .int — for international treaty organizations – restricted and very tight controlled.
  • On top of these there are Country Code Top Level Domains, one per country, such as .us for USA, .ca for Canada, .mx for Mexico, .fr for France, etc.
  • New domain extensions are .tv, .aero, .biz, .coop, .info, .museum, .name, .pro and many others.
  • Some of the CCTLD Registries require you prove that you operate or live in their country in order to approve an application for a Domain Name. Some others have even tighter rules requiring you for example a Trademark for the name you request. This however is changing and there are less and less restrictions.
    There are new extensions that don’t fall in either of these categories they appear, because there is a demand.

    What if my Domain Name is taken?

    There are a lot of ways to get around. First of all if your name is taken and you registered a trademark you can go to court and fight for your name. As a first step you can ask the owner to sell you the name for a reasonable price. If this doesn’t work you can ask the registry to arbitrate this. You can hire a trademark lawyer to solve this for you if none of the previous worked.

    If you don’t have a trademark for the name is more difficult but basically you can try all of the above.
    If you know you can’t win, choose something very close, use hyphens or numbers. Hyphens are better. My domain name is head-massage.net and is well positioned in rankings and search results. You will hear a lot of people saying that is better to have all letters Domain Names. I am not sure about that.

    Try to use another extension, with so many choices these days, it is almost impossible to not find one available.

    How Many Years Should I register my Domain Name?

    The longer you register your Domain Name the better. There are a few reasons for that. First of all is convenient to know that you have done it and you don’t have to do it for another few years. Then, some search engines give you some extra points in their rankings if you register for longer periods. That means you are serious and you plan to be there for a long time.

    If you register for 5 years you get a great discount, most of the registrars give you the best discount for 5 years. If you register for more than 10 years, your investment might become wasted, the technology changes so fast. For instance there are discussions about completely customized Domain Names. That will render obsolete the actual Domain Names Market. I could, for example, buy the domain name head.massage.

    How to protect my Domain Name and my Trademark?

    Copyright Trademark

    Register your Domain Name in multiple TLD’s. This prevents Cyber-Squatters to register your name and take advantage of it.
    Register a Trademark; this entitles you to dispute domain names using your Trademark.
    Keep an eye on the Internet for any new names related to your Trademark. There are companies that offer these kinds of services.

    What is a registrar and what is a registry

    A Registrar is usually a company that handles Domain Name registration. They are an interface between you the registrant and the Registry Administrator.

    The Registry Administrator, (sometimes called for short the Registry), is the authority that administrates a TLD or more and the database with all the Domain Names. Examples of Internet Registration Authorities are the country code Top Level Domain administrators, such as DENIC in Germany, or Nominet in the United Kingdom, or CIRA in Canada, which are the Administrators for the .de TLD and .uk TLD, or .ca in Canada. Most of the Registry administrators will choose to deal with you through Registrars, but some will allow you to purchase your names directly.

    The Registrant is the owner of the domain – You, your Company, your boss, etc…

    How to choose my Registrar

    Your registrar is an important thing since you will have to deal with him a lot. The Registrar Market is constantly changing, however big registrars are the most likely to survive over time, which is critical for you as a domain name owner.
    The Domain Name administration is not an easy task and sometimes involves technical knowledge. Usually, when you buy a Domain Name you also buy some services with it. These services are some or all of the following:

    • DNS hosting – is usually free with domain name purchase, there are still a few companies that charge for this kind of service. Without a DNS computers will not know where to direct the requests for your website.
    • Web forwarding – very few companies give this as a free service. This is an advanced feature that let you specify that all the requests for a certain web-address should go to another web-address. That is handy if you purchased another company and want to redirect all the traffic from this company to your website.
    • Website hosting – basic web site hosting is provided with a Domain Name purchase by some Registrars. For a starter the free this is a good option but this is going to give you a limited space and limited number of pages. On the other hand many companies will give you a free domain name registration if you purchase any hosting package.
    • Make sure you choose a good and established Registrar that offers you the features described above.
    • Good technical support is another key element. Cost is probably one of the most important elements for many of us especially if it’s a starter website. But don’t try to go too cheap, because you will end up by paying more…

    Good Domain Name Registrars and Web Hosting companies are:
    GoDaddy.com – World’s No.1 Domain Name Registrar , I am hosting one of my websites with them and I registered hundreds of domains for other companies. They have great prices for domains and if you know how to choose the web-hosting can be free to cheap. They have discounts and promotions all the time it’s up to you to register when you get a promotion.
    HOSTMONSTER.COM – great Domain Registrar and Web-site Hosting I am hosting two of my websites with them and they have a good up time and the Control Panel used to administrate the websites are great.

    What else Do I Need to Know when I Register a Domain Name?

    When you, or someone you designate, register a domain, make sure you are the Administrative Contact in the registration record. The Administrative Contact has the authority to make any changes, transfers, etc… The technical contact is someone that makes technical changes such as IP address changes, etc.
    Make sure all the details in the registration are correct, such as address, company name, etc, otherwise it is a real hassle to change this after creation.
    If you register with a TLD Administrator, and not with a registrar, you have to provide at the registration time the IP address of your server. Many times this is difficult to change and is not free.