diff options
Diffstat (limited to 'docs-xml/smbdotconf/winbind/requirestrongkey.xml')
| -rw-r--r-- | docs-xml/smbdotconf/winbind/requirestrongkey.xml | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/winbind/requirestrongkey.xml b/docs-xml/smbdotconf/winbind/requirestrongkey.xml new file mode 100644 index 0000000..9c1c1d7 --- /dev/null +++ b/docs-xml/smbdotconf/winbind/requirestrongkey.xml @@ -0,0 +1,26 @@ +<samba:parameter name="require strong key" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option controls whether winbindd requires support + for md5 strong key support for the netlogon secure channel.</para> + + <para>The following flags will be required NETLOGON_NEG_STRONG_KEYS, + NETLOGON_NEG_ARCFOUR and NETLOGON_NEG_AUTHENTICATED_RPC.</para> + + <para>You can set this to no if some domain controllers only support des. + This might allows weak crypto to be negotiated, may via downgrade attacks.</para> + + <para>The behavior can be controlled per netbios domain + by using 'require strong key:NETBIOSDOMAIN = no' as option.</para> + + <para>Note for active directory domain this option is hardcoded to 'yes'</para> + + <para>This option is over-ridden by the <smbconfoption name="reject md5 servers"/> option.</para> + + <para>This option overrides the <smbconfoption name="client schannel"/> option.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> |