This parameter has been deprecated since Samba 4.11 and support for plaintext (as distinct from NTLM, NTLMv2 or Kerberos authentication) will be removed in a future Samba release. That is, in the future, the current default of encrypt passwords = yes will be the enforced behaviour. This boolean controls whether encrypted passwords will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed. To use encrypted passwords in Samba see the chapter "User Database" in the Samba HOWTO Collection. MS Windows clients that expect Microsoft encrypted passwords and that do not have plain text password support enabled will be able to connect only to a Samba server that has encrypted password support enabled and for which the user accounts have a valid encrypted password. Refer to the smbpasswd command man page for information regarding the creation of encrypted passwords for user accounts. The use of plain text passwords is NOT advised as support for this feature is no longer maintained in Microsoft Windows products. If you want to use plain text passwords you must set this parameter to no. In order for encrypted passwords to work correctly smbd 8 must either have access to a local smbpasswd 5 file (see the smbpasswd 8 program for information on how to set up and maintain this file), or set the [domain|ads] parameter which causes smbd to authenticate against another server. yes