[Samba] DEPRECATED:arcfour-hmac

Rowland Penny rpenny at samba.org
Fri Dec 1 19:15:57 UTC 2023


On Fri, 01 Dec 2023 18:27:08 +0000
bd730c5053df9efb via samba <samba at lists.samba.org> wrote:

> Hi Rowland, thank you very much for your prompt reply
> 
> The output of the command says
> 'host$' uses "msDS-SupportedEncryptionTypes": 28 (0x0000001c)
> [ ] 0x00000001 DES-CBC-CRC
> [ ] 0x00000002 DES-CBC-MD5
> [X] 0x00000004 RC4-HMAC
> [X] 0x00000008 AES128-CTS-HMAC-SHA1-96
> [X] 0x00000010 AES256-CTS-HMAC-SHA1-96
> [ ] 0x00000020 AES256-CTS-HMAC-SHA1-96-SK
> [ ] 0x00080000 RESOURCE-SID-COMPRESSION-DISABLED
> 
>

That's what I get, so I tried creating the user and keytab and, just
like you, I ended up with just one key. I wonder if this has anything to
do with CVE-2022-37966:

https://www.samba.org/samba/security/CVE-2022-37966.html

Try reading the smb.conf manpage on the relevant kdc parameters.

Rowland



More information about the samba mailing list