1 <samba:parameter name="reject md5 clients"
5 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
7 <para>This option controls whether the netlogon server (currently
8 only in 'active directory domain controller' mode), will
9 reject clients which does not support NETLOGON_NEG_SUPPORTS_AES.</para>
11 <para>You can set this to yes if all domain members support aes.
12 This will prevent downgrade attacks.</para>
14 <para>This option takes precedence to the 'allow nt4 crypto' option.</para>
17 <value type="default">no</value>