[Patch] Make samba4 return a correct Supported Encryption

Matthieu Patou mat+Informatique.Samba at matws.net
Mon Sep 7 13:43:59 MDT 2009

On 09/07/2009 10:40 AM, Andrew Bartlett wrote:
> On Mon, 2009-09-07 at 10:07 +0400, Matthieu Patou wrote:
>> Hello,
>> Please Find attached a patch that allow S4 to return correctly the
>> SupportedEncryption in the getDomainInfo RPC.
>> This patch make the assumption that by default if the
>> msDS-SupportedEncryptionTypes is not populated then the workstation
>> support all the encryption up to RC4 (same assumption as Windows 2008
>> and upper do).
> Didn't Microsoft indicate that this also depends on the 'DES' bit on the
> account?
> Or does this apply differently in the KDC to netlogon?
> Andrew Bartlett
I would rather be inclined to say that's the DES thing is only related 
to KDC because at the opposite of the PA-SUPPORTED-ENCTYPES the 
supportedEncryptionTypes in the getDomainInfo is to inform the client of 
what the server knows about it and not what the server knows about the 
desired service.


More information about the samba-technical mailing list