Hi, I prefer to not blindly throw in updates, but understand what is changing. Is there an admin-compatible summary of the 4.3.8 release notes? They are full of technical details that require insider knowledge of the SMB protocol. I read it all, but still do not know what needs to be done. Are there options which must be set in order to be secure? Which options will cause compatibility issues? Should I enable "client signing" on a classic PDC with Win7 clients? Will "server max protocol = NT1" still work? (Unfortunately we need this, otherwise one program cannot be run from a samba share) Also (eventough it probably not affects me on a PDC) I wonder why "tls verify peer" defaults to "as_strict_as_possible", when the Samba default is auto-generated certificates, which to not have a crl file. Does not sound like this will be an easy upgrade for everybody. thanks, Klaus