server schannel

This option is deprecated with Samba 4.8 and will be removed in future. At the same time the default changed to yes, which will be the hardcoded behavior in future. If you have the need for the behavior of "auto" to be kept, please file a bug at

This controls whether the server offers or even demands the use of the netlogon schannel. no does not offer the schannel, auto offers the schannel but does not enforce it, and yes denies access if the client is not able to speak netlogon schannel. This is only the case for Windows NT4 before SP4.

Please note that with this set to no, you will have to apply the WindowsXP WinXP_SignOrSeal.reg registry patch found in the docs/registry subdirectory of the Samba distribution tarball.

Example: auto

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

server schannel

Registry PathSoftware\Policies\Samba\smb_conf\server schannel
Value Nameserver schannel
Value TypeREG_SZ
Default Valueyes


Administrative Templates (Computers)