require strong key

This option controls whether winbindd requires support for md5 strong key support for the netlogon secure channel.
The following flags will be required NETLOGON_NEG_STRONG_KEYS, NETLOGON_NEG_ARCFOUR and NETLOGON_NEG_AUTHENTICATED_RPC.
You can set this to no if some domain controllers only support des. This might allows weak crypto to be negotiated, may via downgrade attacks.
The behavior can be controlled per netbios domain by using 'require strong key:NETBIOSDOMAIN = no' as option.
Note for active directory domain this option is hardcoded to 'yes'
This option yields precedence to the option.
This option takes precedence to the option.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

require strong key
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Samba\smb_conf\require strong key
Value Namerequire strong key
Value TypeREG_DWORD
Default Value1
True Value1
False Value0

samba.admx

Administrative Templates (Computers)