Deprecate SMBv1 options and NT4-like domains for Samba 4.13?

Andrew Bartlett abartlet at
Wed Jul 1 03:19:19 UTC 2020

Samba 4.13 freezes soon, so I wanted to again propose adding things to
the deprecated list.

Yes, we add things to this list far faster then we remove the options,
but the job for anyone wishing to remove features starts with this
point, marking and announcing to our users that we are not going to
keep every Samba option and feature forever.

So I present to you this MR:

No code is removed of course, and of course we are not going to remove
code that FreeIPA needs, but even in between all that I think this is
worth doing.

(pdb_ldap is not impacted, I've dropped those references compared to my
earlier MR)

Parameter Name                     Description                Default
--------------                     -----------                ------
domain logons                      Deprecated                 no
raw NTLMv2 auth                    Deprecated                 no
client plaintext auth              Deprecated                 no
client NTLMv2 auth                 Deprecated                 yes
client lanman auth                 Deprecated                 no
client use spnego                  Deprecated                 yes

If I get time I also hope to fold the only-used-by-attackers LMv2 into
"raw NTLMv2 auth", so we can remove both in 4.14.

Andrew Bartlett
Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT 

More information about the samba-technical mailing list