Samba and legacy Windows support

Rowland penny rpenny at
Tue Oct 8 11:07:12 UTC 2019

On 08/10/2019 11:43, Ralph Boehme via samba-technical wrote:
> Hi Andreas,
> On 10/8/19 10:59 AM, Andreas Schneider via samba-technical wrote:
>> Samba with version 4.11 currently still support a lot of systems which are
>> already out of support. We still get bugs to either fix support for Windows
>> NT4 or OS/2. Also we know that Windows Server 2003 with Active Directory is
>> still deployed.
>> In order to remove support for those platforms which are very long EOL, we
>> should try to make announcements when we plan to remove support.
>> ## Steps planned
>> With Samba 4.12 we plan to disable SMB1 by default
> as already pointed out by Rowland: mission accomplished with 4.11. :)
>> and then remove support for
>> it in Samba 4.13 or 4.14. This means end of 2020 or beginning of 2021.
> We can't remove it unless existing SMB1 tests are converted to SMB2.
> Thankfully, it seems David and Noel took the stab. But we can't announce
> until this is completed.

Whilst you are quite correct that we cannot remove it until everything 
that needs to work without SMB1 does, I think we should announce that we 
plan to remove it from 4.14 if possible. This would do two things, focus 
the team minds on the task and warn users that it will happen at 4.14 or 
the next version.


>> If we remove support for SMB1, we could also remove support for NTLMv1 and
>> Kerberos support for DES, 3DES and maybe RC4. Already on Fedora 31 use of
>> these encryption types is blocked by the default system-wide policy and is not
>> available through MIT Kerberos. DES support is fully removed from MIT Kerberos
>> 1.17.
> Sounds good, though crypto is not my game.
> -slow

More information about the samba-technical mailing list