[Samba] DEPRECATED:arcfour-hmac
bd730c5053df9efb
bd730c5053df9efb at proton.me
Fri Dec 1 20:42:27 UTC 2023
It is related, I added the values
kdc default domain supported enctypes = 16
kdc supported enctypes = 16
and now the spn's encryption is aes256-cts-hmac-sha1-96
Thank you very much
Sent with Proton Mail secure email.
On Friday, December 1st, 2023 at 16:15, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Fri, 01 Dec 2023 18:27:08 +0000
> bd730c5053df9efb via samba samba at lists.samba.org wrote:
>
> > Hi Rowland, thank you very much for your prompt reply
> >
> > The output of the command says
> > 'host$' uses "msDS-SupportedEncryptionTypes": 28 (0x0000001c)
> > [ ] 0x00000001 DES-CBC-CRC
> > [ ] 0x00000002 DES-CBC-MD5
> > [X] 0x00000004 RC4-HMAC
> > [X] 0x00000008 AES128-CTS-HMAC-SHA1-96
> > [X] 0x00000010 AES256-CTS-HMAC-SHA1-96
> > [ ] 0x00000020 AES256-CTS-HMAC-SHA1-96-SK
> > [ ] 0x00080000 RESOURCE-SID-COMPRESSION-DISABLED
>
>
> That's what I get, so I tried creating the user and keytab and, just
> like you, I ended up with just one key. I wonder if this has anything to
> do with CVE-2022-37966:
>
> https://www.samba.org/samba/security/CVE-2022-37966.html
>
> Try reading the smb.conf manpage on the relevant kdc parameters.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list