From 1fd927136be7230d5b670bf9b9ffe91071ec94d8 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 21 Jul 2016 20:04:10 +0200
Subject: [PATCH] WHATNEW: the default for "ntlm auth" is "no"

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 WHATSNEW.txt | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 7d2405b6058..8cb521ab5cf 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -12,7 +12,19 @@ Samba 4.5 will be the next version of the Samba suite.
 UPGRADING
 =========
 
-Nothing special.
+NTLMv1 authentication disabled by default
+-----------------------------------------
+
+In order to improve security we have changed
+the default value for the "ntlm auth" option from
+"yes" to "no". This may have impact on very old
+client which doesn't support NTLMv2 yet.
+
+The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.
+
+By default Samba will only allow NTLMv2 via NTLMSSP now,
+as we have the following default "lanman auth = no",
+"ntlm auth = no" and "raw NTLMv2 auth = no".
 
 
 NEW FEATURES/CHANGES
@@ -159,6 +171,7 @@ smb.conf changes
 
   Parameter Name		Description		Default
   --------------		-----------		-------
+  ntlm auth			Changed default 	no
   only user			Removed
   username			Removed
   kccsrv:samba_kcc		Changed default		true
-- 
2.11.4.GIT