Drop LM password support?

Björn JACKE bj at SerNet.DE
Thu Apr 15 07:19:42 UTC 2021

Hi Andrew,
On 2021-03-25 at 13:51 +1300 Andrew Bartlett via samba-technical sent off:
> Thinking of things to drop from Samba, I would like to drop LM password
> support, at least from the AD DC.
> We have already deprecated the option, and LanMan authentication on the
> AD DC just makes no sense at all, but I've seen configurations with it
> enabled (where folks turn everything on hoping things might start
> working).
> For the file server it is a bit less clear-cut, but I wonder if it is
> better for DOS/Win9X clients (without the NTLMv2 upgrade) to do IP
> based authentication and guest access rather than this.

I'm fine with dropping it in AD DC but for the file server we should not drop
it. This is still required for many enterprise users with legacy industry
machines. For the fileserver we should let LM passwords die when we also
decide to let smb1 finally die.


More information about the samba-technical mailing list