samba - Oct 2015 - ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user username

Hi,

We're seeing these messages for some users in our DC logs. Google tells 
me that lanman hashed passwords are less strong, and should not be used 
anymore.

Solutions on the internet are to enable ntlm auth and
client ntlmv2 auth in smb.conf.

But I guess this will weaken the security of our network, and it smells 
as if these users are perhaps using older windows versions, and we 
should simply tell them to upgrade? Or is there a way to stop windows xp 
(i guess...) from using lanman auth?

Any ideas or suggestions how to proceed?

MJ