docs-xml: deprecate "server schannel" and change the default to "yes"

No client should use the old protocol without DCERPC level integrity/privacy,
but Maybe there're some lagacy OEM file servers, which require this.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/docs-xml/smbdotconf/security/serverschannel.xml b/docs-xml/smbdotconf/security/serverschannel.xml
index a2dca1bbdb4345be66c2f0f950b5bc4c5fd1bcf5..489492d79b1d60c1fe24cca5a045114ea4978232 100644 (file)
--- a/docs-xml/smbdotconf/security/serverschannel.xml
+++ b/docs-xml/smbdotconf/security/serverschannel.xml
@@ -2,8 +2,17 @@
                  context="G"
                  type="enum"
                  enumlist="enum_bool_auto"
+                 deprecated="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
+
+    <para>
+       This option is deprecated with Samba 4.8 and will be removed in future.
+       At the same time the default changed to yes, which will be the
+       hardcoded behavior in future. If you have the need for the behavior of "auto"
+       to be kept, please file a bug at https://bugzilla.samba.org.
+    </para>
+
     <para>
        This controls whether the server offers or even demands the use of the netlogon schannel.
        <smbconfoption name="server schannel">no</smbconfoption> does not offer the schannel, <smbconfoption
@@ -18,6 +27,6 @@
        </para>
 </description>
 
-<value type="default">auto</value>
-<value type="example">yes</value>
+<value type="default">yes</value>
+<value type="example">auto</value>
 </samba:parameter>

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index f6ee112c1276151e7bff2c5b50473321bfcbb523..a18407d9c071b3513f8e2d04c2e9da1a3d1f8e3b 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2784,7 +2784,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "winbind nss info", "template");
 
-       lpcfg_do_global_parameter(lp_ctx, "server schannel", "Auto");
+       lpcfg_do_global_parameter(lp_ctx, "server schannel", "True");
 
        lpcfg_do_global_parameter(lp_ctx, "short preserve case", "True");
 

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 9f79f132def3d087292f6294cd6779a86207cf24..582c8756ffa874d807745e83eb32371b0a3bf478 100644 (file)
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -654,7 +654,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
        Globals.client_schannel = true;
        Globals.winbind_sealed_pipes = true;
        Globals.require_strong_key = true;
-       Globals.server_schannel = Auto;
+       Globals.server_schannel = true;
        Globals.read_raw = true;
        Globals.write_raw = true;
        Globals.null_passwords = false;