[squid-users] NTLM Authentication / Centos 7
L.P.H. van Belle
belle at bazuin.nl
Tue Aug 21 14:57:39 UTC 2018
Ah, sorry Amos,
I was understanding you ment the Question was about the NTLM auth itself not the token.
My mis understanding. :-/
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: squid-users
> [mailto:squid-users-bounces at lists.squid-cache.org] Namens
> Amos Jeffries
> Verzonden: dinsdag 21 augustus 2018 16:21
> Aan: squid-users at lists.squid-cache.org
> Onderwerp: Re: [squid-users] NTLM Authentication / Centos 7
>
> On 21/08/18 7:09 PM, L.P.H. van Belle wrote:
> >> Also, what then do the other lines in your config then say
> to do with
> >> the NTLM type-1 requests (no credentials) and failed-login
> requests?
> >
> > No this happend after the last security update of samba.
> >
>
> "No" to what ? My Q above was in regards to the omitted http_access
> behaviour.
>
>
> The 'type-1' I am speaking of is the initial NTLM credentials
> token. Not
> the version number. All LanManager based exchanges (LM 1.0, LM4, LM
> 32-bit, SMB LM, NTLMv1 NTLMv2, NTLMv2 extended) begin with a
> type-1 token.
>
>
> > This is due to a samba update.
> > SECURITY UPDATE: Weak authentication protocol allowed
> > CVE-2018-1139-*.patch: Do not allow ntlmv1 over SMB1
> >
> > You can easily test this, add 'ntlm auth = yes' to smb.conf and
> > restart. If this cures your problem, then you have two
> choices, leave
> > it alone and put up with a possibly insecure server, or fix your
> > clients to only use NTLMv2 and remove the line from smb.conf.
> >
>
> Yes, that is worth testing for.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list