[squid-users] NTLM Authentication / Centos 7
Jon Cuthbert
jon at jmcnetworks.co.uk
Tue Aug 21 14:25:54 UTC 2018
Hi,
I got this working in the end, the issue was with the '-' on the
--helper-protocol being wrong. I'm assuming this was caused during a copy
/paste rather than typing as I was looking at web pages when creating the
file. I noticed the 2nd - seemed longer.
Thank you for the help though.
Jon
On Tue, Aug 21, 2018 at 3:21 PM Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 21/08/18 7:09 PM, L.P.H. van Belle wrote:
> >> Also, what then do the other lines in your config then say to do with
> >> the NTLM type-1 requests (no credentials) and failed-login requests?
> >
> > No this happend after the last security update of samba.
> >
>
> "No" to what ? My Q above was in regards to the omitted http_access
> behaviour.
>
>
> The 'type-1' I am speaking of is the initial NTLM credentials token. Not
> the version number. All LanManager based exchanges (LM 1.0, LM4, LM
> 32-bit, SMB LM, NTLMv1 NTLMv2, NTLMv2 extended) begin with a type-1 token.
>
>
> > This is due to a samba update.
> > SECURITY UPDATE: Weak authentication protocol allowed
> > CVE-2018-1139-*.patch: Do not allow ntlmv1 over SMB1
> >
> > You can easily test this, add 'ntlm auth = yes' to smb.conf and
> > restart. If this cures your problem, then you have two choices, leave
> > it alone and put up with a possibly insecure server, or fix your
> > clients to only use NTLMv2 and remove the line from smb.conf.
> >
>
> Yes, that is worth testing for.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
--
Jon Cuthbert
jon at jmcnetworks.co.uk
+44 7961 915060 <javascript:void(0);>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180821/2e214543/attachment.html>
More information about the squid-users
mailing list