This parameter has been deprecated since Samba 4.13 and
support for NTLMv2, NTLM and LanMan authentication outside NTLMSSP
will be removed in a future Samba release.
That is, in the future, the current default of
client use spnego = yes
will be the enforced behaviour.
This variable controls whether Samba clients will try
to use Simple and Protected NEGOciation (as specified by rfc2478) with
supporting servers (including WindowsXP, Windows2000 and Samba
3.0) to agree upon an authentication
mechanism. This enables Kerberos authentication in particular.
When is also set to
yes extended security (SPNEGO) is required
in order to use NTLMv2 only within NTLMSSP. This behavior was
introduced with the patches for CVE-2016-2111.
yes