This option controls whether winbindd requires support for md5 strong key support for the netlogon secure channel. The following flags will be required NETLOGON_NEG_STRONG_KEYS, NETLOGON_NEG_ARCFOUR and NETLOGON_NEG_AUTHENTICATED_RPC. You can set this to no if some domain controllers only support des. This might allows weak crypto to be negotiated, may via downgrade attacks. The behavior can be controlled per netbios domain by using 'require strong key:NETBIOSDOMAIN = no' as option. Note for active directory domain this option is hardcoded to 'yes' This option yields precedence to the option. This option takes precedence to the option. yes