On 21/08/18 7:09 PM, L.P.H. van Belle wrote: >> Also, what then do the other lines in your config then say to do with >> the NTLM type-1 requests (no credentials) and failed-login requests? > > No this happend after the last security update of samba. > "No" to what ? My Q above was in regards to the omitted http_access behaviour. The 'type-1' I am speaking of is the initial NTLM credentials token. Not the version number. All LanManager based exchanges (LM 1.0, LM4, LM 32-bit, SMB LM, NTLMv1 NTLMv2, NTLMv2 extended) begin with a type-1 token. > This is due to a samba update. > SECURITY UPDATE: Weak authentication protocol allowed > CVE-2018-1139-*.patch: Do not allow ntlmv1 over SMB1 > > You can easily test this, add 'ntlm auth = yes' to smb.conf and > restart. If this cures your problem, then you have two choices, leave > it alone and put up with a possibly insecure server, or fix your > clients to only use NTLMv2 and remove the line from smb.conf. > Yes, that is worth testing for. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
