1 <samba:parameter name="client use spnego"
5 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
7 <para> This variable controls whether Samba clients will try
8 to use Simple and Protected NEGOciation (as specified by rfc2478) with
9 supporting servers (including WindowsXP, Windows2000 and Samba
10 3.0) to agree upon an authentication
11 mechanism. This enables Kerberos authentication in particular.</para>
13 <para>When <smbconfoption name="client NTLMv2 auth"/> is also set to
14 <constant>yes</constant> extended security (SPNEGO) is required
15 in order to use NTLMv2 only within NTLMSSP. This behavior was
16 introduced with the patches for CVE-2016-2111.</para>
19 <value type="default">yes</value>