Ah, sorry Amos, I was understanding you ment the Question was about the NTLM auth itself not the token. My mis understanding. :-/ Greetz, Louis > -----Oorspronkelijk bericht----- > Van: squid-users > [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] Namens > Amos Jeffries > Verzonden: dinsdag 21 augustus 2018 16:21 > Aan: squid-users@xxxxxxxxxxxxxxxxxxxxx > Onderwerp: Re: NTLM Authentication / Centos 7 > > On 21/08/18 7:09 PM, L.P.H. van Belle wrote: > >> Also, what then do the other lines in your config then say > to do with > >> the NTLM type-1 requests (no credentials) and failed-login > requests? > > > > No this happend after the last security update of samba. > > > > "No" to what ? My Q above was in regards to the omitted http_access > behaviour. > > > The 'type-1' I am speaking of is the initial NTLM credentials > token. Not > the version number. All LanManager based exchanges (LM 1.0, LM4, LM > 32-bit, SMB LM, NTLMv1 NTLMv2, NTLMv2 extended) begin with a > type-1 token. > > > > This is due to a samba update. > > SECURITY UPDATE: Weak authentication protocol allowed > > CVE-2018-1139-*.patch: Do not allow ntlmv1 over SMB1 > > > > You can easily test this, add 'ntlm auth = yes' to smb.conf and > > restart. If this cures your problem, then you have two > choices, leave > > it alone and put up with a possibly insecure server, or fix your > > clients to only use NTLMv2 and remove the line from smb.conf. > > > > Yes, that is worth testing for. > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
