New default: print notify backchannel = no    (per share)

New default: winbind expand groups = 0        (global)
             
             The default value was changed from 1 to 0 with Samba 4.2. Some broken applications calculate
             the group memberships of users by traversing groups, such applications will require "winbind
             expand groups = 1". But the new default makes winbindd more reliable as it doesn't require
             SAMR access to domain controllers of trusted domains.

New parameter: allow nt4 crypto (G)
             
             This option controls whether the netlogon server (currently only in 'active directory domain
             controller' mode), will reject clients which does not support NETLOGON_NEG_STRONG_KEYS nor
             NETLOGON_NEG_SUPPORTS_AES.
             
             This option was added with Samba 4.2.0. It may lock out clients which worked fine with Samba
             versions up to 4.1.x. as the effective default was "yes" there, while it is "no" now.
             
             If you have clients without RequireStrongKey = 1 in the registry, you may need to set "allow
             nt4 crypto = yes", until you have fixed all clients.
             
             "allow nt4 crypto = yes" allows weak crypto to be negotiated, maybe via downgrade attacks.
                                                                                                            
             This option yields precedence to the 'reject md5 clients' option.
             
             Default: allow nt4 crypto = no

New parameter: spoolss: architecture (G)
             
             Windows spoolss print clients only allow association of server-side drivers with printers when
             the driver architecture matches the advertised print server architecture. Samba's spoolss
             print server architecture can be changed using this parameter.
             
             Default: spoolss: architecture = Windows NT x86
             
             Example: spoolss: architecture = Windows x64
             
New parameter: spoolss: os_major (G)
             
             Windows might require a new os version number. This option allows to modify the build number.
             The complete default version number is: 5.0.2195 (Windows 2000). The example is 6.1.7601
             (Windows 2008 R2).
             
             Default: spoolss: os_major = 5
             
             Example: spoolss: os_major = 6

New parameter: winbind request timeout (G)
             
             This parameter specifies the number of seconds the winbindd(8) daemon will wait before
             disconnecting either a client connection with no outstanding requests (idle) or a client
             connection with a request that has remained outstanding (hung) for longer than this number of
             seconds.
  
             Default: winbind request timeout = 60