From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 22 Apr 2026 10:54:29 +0000 (+0200)
Subject: docs-xml/smbdotconf: deprecated "allow dcerpc auth level connect"
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=d8a8b0cec08486ecaf63eb8e4693f18f345e07fe;p=thirdparty%2Fsamba.git

docs-xml/smbdotconf: deprecated "allow dcerpc auth level connect"

This was only added to prevent problems with the fixes for
CVE-2016-2118.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
index 8bccab391cc..561be29268e 100644
--- a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
+++ b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
@@ -1,6 +1,7 @@
 <samba:parameter name="allow dcerpc auth level connect"
                  context="G"
                  type="boolean"
+                 deprecated="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
 	<para>This option controls whether DCERPC services are allowed to
@@ -19,9 +20,10 @@
 	E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY.
 	The dnsserver protocol requires DCERPC_AUTH_LEVEL_INTEGRITY.
 	</para>
+
+	<para>This option should not be used, it's related to CVE-2016-2118. It will be removed in future releases.</para>
 </description>
 
 <value type="default">no</value>
-<value type="example">yes</value>
 
 </samba:parameter>