This option controls whether winbindd requires support
for aes support for the netlogon secure channel.
The following flags will be required NETLOGON_NEG_ARCFOUR,
NETLOGON_NEG_SUPPORTS_AES, NETLOGON_NEG_PASSWORD_SET2 and NETLOGON_NEG_AUTHENTICATED_RPC.
You can set this to yes if all domain controllers support aes.
This will prevent downgrade attacks.
The behavior can be controlled per netbios domain
by using 'reject md5 servers:NETBIOSDOMAIN = yes' as option.
This option takes precedence to the option.
no