[Samba] Change of kerberos encryption from DES to AES

Rob Townley rob.townley at gmail.com
Fri Aug 27 15:34:55 MDT 2010

On Thu, Aug 26, 2010 at 10:41 AM, Masopust, Christian
<christian.masopust at siemens.com> wrote:
> Hello all,
> as our Windows DCs will switch off DES encryption in the near future I
> have to change our
> Samba-Server to AES encryption.
> If I understand it correctly I have to change kerberos-configuration to
> new encryption type
> (aes256-cts-hmac-sha1-96) and then re-join my Samba-Server to the
> domain.
> Is this correct?  Any other things to consider?
> Thanks a lot,
> Christian
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

i don't know how helpful this will be, but i will need to do the same.

i believe the samba server should generate the supported encryption
types from AD.
Not sure you have to manually change it, but the following blog posts
i have found helpful.

This is one 2006 howto video on migrating from DES to RC4.

More information about the samba mailing list