mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
4a6a010e78
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
26 lines
1.0 KiB
XML
26 lines
1.0 KiB
XML
<samba:parameter name="allow nt4 crypto"
|
|
context="G"
|
|
type="boolean"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>This option controls whether the netlogon server (currently
|
|
only in 'active directory domain controller' mode), will
|
|
reject clients which does not support NETLOGON_NEG_STRONG_KEYS
|
|
nor NETLOGON_NEG_SUPPORTS_AES.</para>
|
|
|
|
<para>This option was added with Samba 4.2.0. It may lock out clients
|
|
which worked fine with Samba versions up to 4.1.x. as the effective default
|
|
was "yes" there, while it is "no" now.</para>
|
|
|
|
<para>If you have clients without RequireStrongKey = 1 in the registry,
|
|
you may need to set "allow nt4 crypto = yes", until you have fixed all clients.
|
|
</para>
|
|
|
|
<para>"allow nt4 crypto = yes" allows weak crypto to be negotiated, maybe via downgrade attacks.</para>
|
|
|
|
<para>This option yields precedence to the 'reject md5 clients' option.</para>
|
|
</description>
|
|
|
|
<value type="default">no</value>
|
|
</samba:parameter>
|