1 <samba:parameter name="reject md5 servers"
4 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
6 <para>This option controls whether winbindd requires support
7 for aes support for the netlogon secure channel.</para>
9 <para>The following flags will be required NETLOGON_NEG_ARCFOUR,
10 NETLOGON_NEG_SUPPORTS_AES, NETLOGON_NEG_PASSWORD_SET2 and NETLOGON_NEG_AUTHENTICATED_RPC.</para>
12 <para>You can set this to yes if all domain controllers support aes.
13 This will prevent downgrade attacks.</para>
15 <para>The behavior can be controlled per netbios domain
16 by using 'reject md5 servers:NETBIOSDOMAIN = yes' as option.</para>
18 <para>This option takes precedence to the <smbconfoption name="require strong key"/> option.</para>
21 <value type="default">no</value>