1 <samba:parameter name="client use spnego"
4 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
6 <para> This variable controls whether Samba clients will try
7 to use Simple and Protected NEGOciation (as specified by rfc2478) with
8 supporting servers (including WindowsXP, Windows2000 and Samba
9 3.0) to agree upon an authentication
10 mechanism. This enables Kerberos authentication in particular.</para>
12 <para>When <smbconfoption name="client NTLMv2 auth"/> is also set to
13 <constant>yes</constant> extended security (SPNEGO) is required
14 in order to use NTLMv2 only within NTLMSSP. This behavior was
15 introduced with the patches for CVE-2016-2111.</para>
18 <value type="default">yes</value>