Deprecate SMBv1 options and NT4-like domains for Samba 4.13?

Alexander Bokovoy ab at
Sat Aug 8 12:57:00 UTC 2020

On ke, 01 heinä 2020, Andrew Bartlett via samba-technical wrote:
> Samba 4.13 freezes soon, so I wanted to again propose adding things to
> the deprecated list.
> Yes, we add things to this list far faster then we remove the options,
> but the job for anyone wishing to remove features starts with this
> point, marking and announcing to our users that we are not going to
> keep every Samba option and feature forever.
> So I present to you this MR:
> No code is removed of course, and of course we are not going to remove
> code that FreeIPA needs, but even in between all that I think this is
> worth doing.
> (pdb_ldap is not impacted, I've dropped those references compared to my
> earlier MR)
> Parameter Name                     Description                Default
> --------------                     -----------                ------
> domain logons                      Deprecated                 no

Removing this setting affects FreeIPA. The logic for 'security = <user|auto>'
triggers PDC definition only in case 'domain logons = yes'. FreeIPA
depends on NT4 domains mode functionality to provide its hybrid AD
forest setup.

I guess, looking at lp_find_server_role() and
lp_is_security_and_server_role_valid(), I'd need to define 

 security = user

explicitly. Right now we have 

 security = user
 domain master = yes
 domain logons = yes

and no 'server role', so it defaults to AUTO and will require an update
of the configuration to set server role explicitly.

Given we are deprecating not removing it altogether, it is more of a
task to me rather than a blocker. I filed to update FreeIPA configuration.

/ Alexander Bokovoy

More information about the samba-technical mailing list