|
Last change
on this file was 988, checked in by Silvan Scherrer, 9 years ago |
|
Samba Server: update vendor to version 4.4.3
|
|
File size:
1.0 KB
|
| Line | |
|---|
| 1 | <samba:parameter name="allow nt4 crypto"
|
|---|
| 2 | context="G"
|
|---|
| 3 | type="boolean"
|
|---|
| 4 | xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|---|
| 5 | <description>
|
|---|
| 6 | <para>This option controls whether the netlogon server (currently
|
|---|
| 7 | only in 'active directory domain controller' mode), will
|
|---|
| 8 | reject clients which does not support NETLOGON_NEG_STRONG_KEYS
|
|---|
| 9 | nor NETLOGON_NEG_SUPPORTS_AES.</para>
|
|---|
| 10 |
|
|---|
| 11 | <para>This option was added with Samba 4.2.0. It may lock out clients
|
|---|
| 12 | which worked fine with Samba versions up to 4.1.x. as the effective default
|
|---|
| 13 | was "yes" there, while it is "no" now.</para>
|
|---|
| 14 |
|
|---|
| 15 | <para>If you have clients without RequireStrongKey = 1 in the registry,
|
|---|
| 16 | you may need to set "allow nt4 crypto = yes", until you have fixed all clients.
|
|---|
| 17 | </para>
|
|---|
| 18 |
|
|---|
| 19 | <para>"allow nt4 crypto = yes" allows weak crypto to be negotiated, maybe via downgrade attacks.</para>
|
|---|
| 20 |
|
|---|
| 21 | <para>This option yields precedence to the 'reject md5 clients' option.</para>
|
|---|
| 22 | </description>
|
|---|
| 23 |
|
|---|
| 24 | <value type="default">no</value>
|
|---|
| 25 | </samba:parameter>
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
