I've been thinking over this today, and for 3.6 I think we should drop the patch for CVE-2016-2115 entirely. A fix for that is available in later versions, were it is implemented better.
Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
