Deprecate SMBv1 options and NT4-like domains for Samba 4.13?

Jeremy Allison jra at
Wed Jul 29 19:02:54 UTC 2020

On Wed, Jul 01, 2020 at 03:19:19PM +1200, Andrew Bartlett via samba-technical wrote:
> Samba 4.13 freezes soon, so I wanted to again propose adding things to
> the deprecated list.
> Yes, we add things to this list far faster then we remove the options,
> but the job for anyone wishing to remove features starts with this
> point, marking and announcing to our users that we are not going to
> keep every Samba option and feature forever.
> So I present to you this MR:
> No code is removed of course, and of course we are not going to remove
> code that FreeIPA needs, but even in between all that I think this is
> worth doing.
> (pdb_ldap is not impacted, I've dropped those references compared to my
> earlier MR)
> Parameter Name                     Description                Default
> --------------                     -----------                ------
> domain logons                      Deprecated                 no
> raw NTLMv2 auth                    Deprecated                 no
> client plaintext auth              Deprecated                 no
> client NTLMv2 auth                 Deprecated                 yes
> client lanman auth                 Deprecated                 no
> client use spnego                  Deprecated                 yes
> If I get time I also hope to fold the only-used-by-attackers LMv2 into
> "raw NTLMv2 auth", so we can remove both in 4.14.

Sorry for the delay, just catching up on old stuff
in my inbox :-).

That looks good to me ! It's really good to start
marking obsolete stuff as, well, obsolete :-).

Anyone else got comments ?

More information about the samba-technical mailing list