This option controls whether the netlogon server (currently only in 'active directory domain controller' mode), will reject clients which does not support NETLOGON_NEG_SUPPORTS_AES.
You can set this to yes if all domain members support aes. This will prevent downgrade attacks.
This option takes precedence to the 'allow nt4 crypto' option.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Samba\smb_conf\reject md5 clients |
Value Name | reject md5 clients |
Value Type | REG_DWORD |
Default Value | 0 |
True Value | 1 |
False Value | 0 |