This parameter has been deprecated since Samba 4.13 and support for NTLM and LanMan (as distinct from NTLMv2 or Kerberos authentication) will be removed in a future Samba release. That is, in the future, the current default of client NTLMv2 auth = yes will be the enforced behaviour. This parameter determines whether or not smbclient 8 will attempt to authenticate itself to servers using the NTLMv2 encrypted password response. If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent. Older servers (including NT4 < SP4, Win9x and Samba 2.2) are not compatible with NTLMv2 when not in an NTLMv2 supporting domain Similarly, if enabled, NTLMv1, client lanman auth and client plaintext auth authentication will be disabled. This also disables share-level authentication. If disabled, an NTLM response (and possibly a LANMAN response) will be sent by the client, depending on the value of client lanman auth. Note that Windows Vista and later versions already use NTLMv2 by default, and some sites (particularly those following 'best practice' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM. When is also set to yes extended security (SPNEGO) is required in order to use NTLMv2 only within NTLMSSP. This behavior was introduced with the patches for CVE-2016-2111. yes