mirror of
https://github.com/samba-team/samba.git
synced 2025-03-12 20:58:37 +03:00
tests/krb5: Declare supported encryption types of service account
If SID compression support is disabled for a created account, msDS-SupportedEncryptionTypes will be set to a value that includes the RESOURCE_SID_COMPRESSION_DISABLED bit, but no actual encryption type bits. Since stricter encryption type handling was introduced to address CVE-2022-37966, this combination has been interpreted as an expression of no encryption type support, and trying to make a Kerberos request to a service with such a combination of bits will fail with ERR_ETYPE_NOSUPP.

To allow us to make Kerberos requests to test service accounts again, we must set some actual encryption type bits.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent 024571a7a8
commit 449163b21d
@ -1024,6 +1024,9 @@ class GroupTests(KDCBaseTest):
|
||||
creds = self.get_cached_creds(
|
||||
account_type=self.AccountType.COMPUTER,
|
||||
opts={
|
||||
'supported_enctypes':
|
||||
security.KERB_ENCTYPE_RC4_HMAC_MD5 |
|
||||
security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
|
||||
'sid_compression_support': compression,
|
||||
})
|
||||
target_name = creds.get_username()
|
||||
|
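Review bot: the 'supported_enctypes' entry added to opts carries no comment, so the reason it is needed (an account whose msDS-SupportedEncryptionTypes holds only RESOURCE_SID_COMPRESSION_DISABLED is treated as supporting no encryption type and requests fail with ERR_ETYPE_NOSUPP) is recorded only in the commit message. A one-line comment above the key would stop a later cleanup from dropping it as redundant. It would also help to say why KERB_ENCTYPE_RC4_HMAC_MD5 is set alongside KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 when any real encryption type bit appears to be enough, and to consider whether this default belongs in the account-creation helper for the case where 'sid_compression_support' is false, so that other callers of get_cached_creds do not each have to repeat it.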