<div dir="ltr">Hi,<div><br></div><div>I got this working in the end, the issue was with the '-' on the --helper-protocol being wrong. I'm assuming this was caused during a copy /paste rather than typing as I was looking at web pages when creating the file. I noticed the 2nd - seemed longer.</div><div><br></div><div>Thank you for the help though.</div><div><br></div><div>Jon</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Aug 21, 2018 at 3:21 PM Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 21/08/18 7:09 PM, L.P.H. van Belle wrote:<br>
>> Also, what then do the other lines in your config then say to do with<br>
>> the NTLM type-1 requests (no credentials) and failed-login requests?<br>
> <br>
> No this happend after the last security update of samba.<br>
> <br>
<br>
"No" to what ? My Q above was in regards to the omitted http_access<br>
behaviour.<br>
<br>
<br>
The 'type-1' I am speaking of is the initial NTLM credentials token. Not<br>
the version number. All LanManager based exchanges (LM 1.0, LM4, LM<br>
32-bit, SMB LM, NTLMv1 NTLMv2, NTLMv2 extended) begin with a type-1 token.<br>
<br>
<br>
> This is due to a samba update.<br>
> SECURITY UPDATE: Weak authentication protocol allowed <br>
> CVE-2018-1139-*.patch: Do not allow ntlmv1 over SMB1<br>
> <br>
> You can easily test this, add 'ntlm auth = yes' to smb.conf and<br>
> restart. If this cures your problem, then you have two choices, leave<br>
> it alone and put up with a possibly insecure server, or fix your<br>
> clients to only use NTLMv2 and remove the line from smb.conf.<br>
> <br>
<br>
Yes, that is worth testing for.<br>
<br>
Amos<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div style="font-family:helvetica,arial"><br><div style="font-family:Helvetica,Arial;margin:0px"><div style="margin:0px">Jon Cuthbert</div></div><div style="font-family:Helvetica,Arial"><div style="font-family:helvetica,arial"><div style="font-family:Helvetica,Arial;margin:0px"><a href="mailto:jon@jmcnetworks.co.uk" style="color:rgb(17,85,204)" target="_blank">jon@jmcnetworks.co.uk</a> </div><div style="font-family:Helvetica,Arial;margin:0px"><a href="javascript:void(0);" value="+447961915060" style="color:rgb(17,85,204)" target="_blank">+44 7961 915060</a></div><div><br></div></div></div></div></div></div></div>