[Patch] Make samba4 return a correct Supported Encryption
Matthieu Patou
mat+Informatique.Samba at matws.net
Mon Sep 7 13:43:59 MDT 2009
On 09/07/2009 10:40 AM, Andrew Bartlett wrote:
> On Mon, 2009-09-07 at 10:07 +0400, Matthieu Patou wrote:
>
>> Hello,
>>
>> Please Find attached a patch that allow S4 to return correctly the
>> SupportedEncryption in the getDomainInfo RPC.
>>
>> This patch make the assumption that by default if the
>> msDS-SupportedEncryptionTypes is not populated then the workstation
>> support all the encryption up to RC4 (same assumption as Windows 2008
>> and upper do).
>>
> Didn't Microsoft indicate that this also depends on the 'DES' bit on the
> account?
>
> Or does this apply differently in the KDC to netlogon?
>
> Andrew Bartlett
>
>
I would rather be inclined to say that's the DES thing is only related
to KDC because at the opposite of the PA-SUPPORTED-ENCTYPES the
supportedEncryptionTypes in the getDomainInfo is to inform the client of
what the server knows about it and not what the server knows about the
desired service.
Matthieu.
More information about the samba-technical
mailing list