Björn JACKE
2022-Jan-26 11:50 UTC
[Samba] Remove LanMan auth from the AD DC and possibly file server?
On 2022-01-26 at 16:50 +1300 Andrew Bartlett via samba sent off:
> My feeling is that for the Win9X and OS/2 irreplaceable industrial
> equipment case, that guest authentication would suffice, combined with
> 'force user' and 'hosts allow' for 'security'.
>
> What do folks think?

my gut feeling is that many users will be very unhappy with such a change. I know many setups where the clients say that ntlm auth is still required for them and where guest auth would not be an option. Even on AD DCs sometimes. For sure on member servers.

Best regards
Björn

--
SerNet GmbH - Bahnhofsallee 1b - 37081 Göttingen
phone: +495513700000 mailto:contact at sernet.com
AG Göttingen: HR-B 2816 - https://www.sernet.com
Manag. Directors Johannes Loxen and Reinhild Jung
data privacy policy https://www.sernet.de/privacy
Jeremy Allison
2022-Jan-26 16:55 UTC
[Samba] Remove LanMan auth from the AD DC and possibly file server?
On Wed, Jan 26, 2022 at 12:50:58PM +0100, Björn JACKE via samba wrote:
>On 2022-01-26 at 16:50 +1300 Andrew Bartlett via samba sent off:
>> My feeling is that for the Win9X and OS/2 irreplaceable industrial
>> equipment case, that guest authentication would suffice, combined with
>> 'force user' and 'hosts allow' for 'security'.
>>
>> What do folks think?
>
>my gut feeling is that many users will be very unhappy with such a change. I
>know many setups where the clients say that ntlm auth is still required for
>them and where guest auth would not be an option. Even on AD DCs sometimes. For
>sure on member servers.

Correct me if I'm wrong Andrew, but I think Andrew is not thinking about removing NTLM, but only the storage of LM password hashes.

From the "lanman auth" section of the man page:

    This parameter has been deprecated since Samba 4.11 and
    support for LanMan (as distinct from NTLM, NTLMv2 or
    Kerberos authentication) will be removed in a future
    Samba release.

Removing the LM password hashes gets a hearty thumbs-up from me :-).

But I may be misreading the original message. Sorry if I'm just adding to the confusion :-).