From 786eab65cefac69dfd38646437720f33994f8f47 Mon Sep 17 00:00:00 2001
From: Jo Sutton
Date: Tue, 23 Apr 2024 13:13:20 +1200
Subject: [PATCH] s4:auth: Export AES128 gMSA keys along with AES256 keys by default

This is what an existing test expects.

Signed-off-by: Jo Sutton
Reviewed-by: Andrew Bartlett
---
 selftest/knownfail.d/gmsa | 1 -
 source4/auth/kerberos/srv_keytab.c | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
 delete mode 100644 selftest/knownfail.d/gmsa

diff --git a/selftest/knownfail.d/gmsa b/selftest/knownfail.d/gmsa
deleted file mode 100644
index 7a126d6cc22..00000000000
--- a/selftest/knownfail.d/gmsa
+++ /dev/null
@@ -1 +0,0 @@
-^samba.tests.dckeytab.samba.tests.dckeytab.DCKeytabTests.test_export_keytab_gmsa
diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
index 4d5306d9002..a2f0d172e02 100644
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -350,7 +350,7 @@ NTSTATUS smb_krb5_fill_keytab_gmsa_keys(TALLOC_CTX *mem_ctx,
 supported_enctypes = ldb_msg_find_attr_as_uint(msg,
 "msDS-SupportedEncryptionTypes",
- ENC_HMAC_SHA1_96_AES256);
+ ENC_STRONG_SALTED_TYPES);
 /*
 * We trim this down to just the salted AES types, as the
 * passwords are now wrong for rc4-hmac due to the mapping of
-- 
2.11.4.GIT
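Review bot: The new fallback `ENC_STRONG_SALTED_TYPES` passed to `ldb_msg_find_attr_as_uint()` in `smb_krb5_fill_keytab_gmsa_keys()` has no comment explaining why AES128 keys belong in the default export, and the commit message only says that a test expects it. The fallback applies only when `msDS-SupportedEncryptionTypes` is absent, so for those accounts the keytab now holds more key material than before (presumably AES128 as well as AES256, going by the subject line). I would record that intent at the call, for example `/* Attribute absent: default to both salted AES types (AES128 and AES256). */`. The function body continues outside the hunk, so how an attribute that is present but zero is treated after the trimming step cannot be judged from here.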