[Samba] DEPRECATED:arcfour-hmac
Rowland Penny
rpenny at samba.org
Fri Dec 1 19:15:57 UTC 2023
On Fri, 01 Dec 2023 18:27:08 +0000
bd730c5053df9efb via samba <samba at lists.samba.org> wrote:
> Hi Rowland, thank you very much for your prompt reply
>
> The output of the command says
> 'host$' uses "msDS-SupportedEncryptionTypes": 28 (0x0000001c)
> [ ] 0x00000001 DES-CBC-CRC
> [ ] 0x00000002 DES-CBC-MD5
> [X] 0x00000004 RC4-HMAC
> [X] 0x00000008 AES128-CTS-HMAC-SHA1-96
> [X] 0x00000010 AES256-CTS-HMAC-SHA1-96
> [ ] 0x00000020 AES256-CTS-HMAC-SHA1-96-SK
> [ ] 0x00080000 RESOURCE-SID-COMPRESSION-DISABLED
>
>
That's what I get, so I tried creating the user and keytab and, just
like you, I ended up with just one key. I wonder if this has anything to
do with CVE-2022-37966:
https://www.samba.org/samba/security/CVE-2022-37966.html
Try reading the smb.conf manpage on the relevant kdc parameters.
Rowland
More information about the samba
mailing list