Hi,
I got this working in the end, the issue was with the '-' on the --helper-protocol being wrong. I'm assuming this was caused during a copy /paste rather than typing as I was looking at web pages when creating the file. I noticed the 2nd - seemed longer.
Thank you for the help though.
Jon
On Tue, Aug 21, 2018 at 3:21 PM Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 21/08/18 7:09 PM, L.P.H. van Belle wrote:
>> Also, what then do the other lines in your config then say to do with
>> the NTLM type-1 requests (no credentials) and failed-login requests?
>
> No this happend after the last security update of samba.
>
"No" to what ? My Q above was in regards to the omitted http_access
behaviour.
The 'type-1' I am speaking of is the initial NTLM credentials token. Not
the version number. All LanManager based exchanges (LM 1.0, LM4, LM
32-bit, SMB LM, NTLMv1 NTLMv2, NTLMv2 extended) begin with a type-1 token.
> This is due to a samba update.
> SECURITY UPDATE: Weak authentication protocol allowed
> CVE-2018-1139-*.patch: Do not allow ntlmv1 over SMB1
>
> You can easily test this, add 'ntlm auth = yes' to smb.conf and
> restart. If this cures your problem, then you have two choices, leave
> it alone and put up with a possibly insecure server, or fix your
> clients to only use NTLMv2 and remove the line from smb.conf.
>
Yes, that is worth testing for.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
