[Samba] Upgrade to Samba 4.12 question

Jiří Černý cerny at svmetal.cz
Mon Oct 5 08:49:55 UTC 2020

Hello, guys. 

I'd like to upgrade our Samba 4.11 AD to 4.12. The release notes say:
"Retiring DES encryption types in Kerberos.
With this release, support for DES encryption types has been removed from
Samba, and setting DES_ONLY flag for an account will cause Kerberos
authentication to fail for that account (see RFC-6649)."

In our network, we have some really ancient machines, which are SMB1
only. These are CNC machines with some embedded Windows like 95, so
upgrading the OS is impossible.
While those machines communicate with the file server, I can see this message
in log.samba on the DC:
"Auth: [NETLOGON,ServerAuthenticate] user [SVMETAL]\[TCL3030$] at
[Mon, 05 Oct 2020 10:31:40.762795 CEST] with [DES] status
[NT_STATUS_DOWNGRADE_DETECTED] workstation [(null)] remote host
[ipv4:] mapped to [(null)]\[(null)]. local host
[ipv4:]  NETLOGON computer [TCL3030] trust account

Does it mean that, when I upgrade to Samba 4.12, those machines'
communication will be refused?
So do we have to stay (stuck) on Samba 4.11?
Or is there a possibility to work around this?

Thank you for your answer.

Best regards
Jiří Černý
System administrator
+420 775 860 300
cerny at svmetal.cz
helpdesk at svmetal.cz
SV metal spol. s r.o.
Divec 99
500 03 Hradec Králové
Czech Republic
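
An added example, not part of the original post: a small Python script that extracts the "Auth:" entries from log.samba text in the format quoted above and counts, per machine account, the NETLOGON authentications logged with [DES], so the affected clients can be inventoried. The function names and every log entry except the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first entry is the one quoted in the post (wrapped
# as in the e-mail, addresses elided there); the other two are constructed.
SAMPLE_LOG = r"""
Auth: [NETLOGON,ServerAuthenticate] user [SVMETAL]\[TCL3030$] at
[Mon, 05 Oct 2020 10:31:40.762795 CEST] with [DES] status
[NT_STATUS_DOWNGRADE_DETECTED] workstation [(null)] remote host
[ipv4:] mapped to [(null)]\[(null)]. local host
[ipv4:]  NETLOGON computer [TCL3030] trust account
Auth: [NETLOGON,ServerAuthenticate] user [SVMETAL]\[PC-OFFICE1$] at
[Mon, 05 Oct 2020 10:32:02.114310 CEST] with [HMAC-SHA256] status
[NT_STATUS_OK] workstation [(null)] remote host [ipv4:192.0.2.21:49152]
Auth: [NETLOGON,ServerAuthenticate] user [SVMETAL]\[TCL5000$] at
[Mon, 05 Oct 2020 10:33:17.000412 CEST] with [DES] status
[NT_STATUS_DOWNGRADE_DETECTED] workstation [(null)] remote host [ipv4:192.0.2.37:1031]
"""

# Fields up to "status [...]"; everything after that is not needed here.
AUTH_RE = re.compile(
    r"Auth: \[(?P<service>[^,\]]+),(?P<desc>[^\]]+)\] "
    r"user \[(?P<domain>[^\]]*)\]\\\[(?P<account>[^\]]*)\] "
    r"at \[(?P<when>[^\]]+)\] "
    r"with \[(?P<mech>[^\]]*)\] "
    r"status \[(?P<status>[^\]]+)\]"
)


def parse_auth_events(text):
    """Return one dict per 'Auth:' entry; line wrapping is ignored."""
    flat = " ".join(text.split())  # collapse newlines and repeated spaces
    return [m.groupdict() for m in AUTH_RE.finditer(flat)]


def des_netlogon_accounts(events):
    """Map account name -> number of NETLOGON attempts logged with [DES]."""
    counts = defaultdict(int)
    for ev in events:
        if ev["service"] == "NETLOGON" and ev["mech"] == "DES":
            counts[ev["account"]] += 1
    return dict(counts)


if __name__ == "__main__":
    events = parse_auth_events(SAMPLE_LOG)
    for account, n in sorted(des_netlogon_accounts(events).items()):
        print(f"{account}: {n} NETLOGON attempt(s) with DES")
```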
