reject md5 servers

This option controls whether winbindd requires support for aes support for the netlogon secure channel.
The following flags will be required NETLOGON_NEG_ARCFOUR, NETLOGON_NEG_SUPPORTS_AES, NETLOGON_NEG_PASSWORD_SET2 and NETLOGON_NEG_AUTHENTICATED_RPC.
You can set this to yes if all domain controllers support aes. This will prevent downgrade attacks.
The behavior can be controlled per netbios domain by using 'reject md5 servers:NETBIOSDOMAIN = yes' as option.
This option takes precedence to the option.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

reject md5 servers
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Samba\smb_conf\reject md5 servers
Value Namereject md5 servers
Value TypeREG_DWORD
Default Value0
True Value1
False Value0

samba.admx

Administrative Templates (Computers)