1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/docs-xml/smbdotconf/logon/allownt4crypto.xml
Michael Adam 4a6a010e78 docs:smbdotconf: remove swat-specific flags.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2015-05-02 00:56:31 +02:00

26 lines
1.0 KiB
XML

<samba:parameter name="allow nt4 crypto"
context="G"
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This option controls whether the netlogon server (currently
only in 'active directory domain controller' mode), will
reject clients which does not support NETLOGON_NEG_STRONG_KEYS
nor NETLOGON_NEG_SUPPORTS_AES.</para>
<para>This option was added with Samba 4.2.0. It may lock out clients
which worked fine with Samba versions up to 4.1.x. as the effective default
was "yes" there, while it is "no" now.</para>
<para>If you have clients without RequireStrongKey = 1 in the registry,
you may need to set "allow nt4 crypto = yes", until you have fixed all clients.
</para>
<para>"allow nt4 crypto = yes" allows weak crypto to be negotiated, maybe via downgrade attacks.</para>
<para>This option yields precedence to the 'reject md5 clients' option.</para>
</description>
<value type="default">no</value>
</samba:parameter>