reject md5 clients

This option controls whether the netlogon server (currently only in 'active directory domain controller' mode), will reject clients which does not support NETLOGON_NEG_SUPPORTS_AES.
You can set this to yes if all domain members support aes. This will prevent downgrade attacks.
This option takes precedence to the 'allow nt4 crypto' option.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

reject md5 clients
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Samba\smb_conf\reject md5 clients
Value Namereject md5 clients
Value TypeREG_DWORD
Default Value0
True Value1
False Value0

samba.admx

Administrative Templates (Computers)