Samba and legacy Windows support
Andreas Schneider
asn at samba.org
Tue Oct 8 08:59:41 UTC 2019
Samba with version 4.11 currently still support a lot of systems which are
already out of support. We still get bugs to either fix support for Windows
NT4 or OS/2. Also we know that Windows Server 2003 with Active Directory is
still deployed.
In order to remove support for those platforms which are very long EOL, we
should try to make announcements when we plan to remove support.
## Steps planned
With Samba 4.12 we plan to disable SMB1 by default and then remove support for
it in Samba 4.13 or 4.14. This means end of 2020 or beginning of 2021.
If we remove support for SMB1, we could also remove support for NTLMv1 and
Kerberos support for DES, 3DES and maybe RC4. Already on Fedora 31 use of
these encryption types is blocked by the default system-wide policy and is not
available through MIT Kerberos. DES support is fully removed from MIT Kerberos
1.17.
NTMLv2 is still widely used and it uses RC4. This means we can't remove
support for it till there is a valid replacement for the pure file server
case.
## Questions
* Can we remove NTLMv1 and LM keys for Samba 4.12 (remove `libcli/auth/
smbdes.c`)?
* Can we remove DES and 3DES Kerberos support for Samba 4.12?
* When can we remove RC4 support with Kerberos?
Andreas
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the samba-technical
mailing list