Set the default value of msDS-SupportedEncryptionTypes for service accounts in Active Directory that are missing this value or where msDS-SupportedEncryptionTypes is set to 0.

This allows Samba administrators to match the configuration flexibility provided by the HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes Registry Value on Windows.

Unlike the Windows registry key (which only takes a base-10 number), in Samba this may also be expressed in hexadecimal or as a list of Kerberos encryption type names.

Specified values are ORed together bitwise, and those currently supported consist of:

arcfour-hmac-md5, rc4-hmac, 0x4, or 4
    Known on Windows as Kerberos RC4 encryption

aes128-cts-hmac-sha1-96, aes128-cts, 0x8, or 8
    Known on Windows as Kerberos AES 128 bit encryption

aes256-cts-hmac-sha1-96, aes256-cts, 0x10, or 16
    Known on Windows as Kerberos AES 256 bit encryption

aes256-cts-hmac-sha1-96-sk, aes256-cts-sk, 0x20, or 32
    Allow AES session keys. When this is set, it indicates to the KDC that AES session keys can be used, even when aes256-cts and aes128-cts are not set. This allows use of AES keys against hosts otherwise only configured with RC4 for ticket keys (which is the default).

0 maps to what the software supports currently: arcfour-hmac-md5 aes256-cts-hmac-sha1-96-sk
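
An added example (not Samba's own parser) showing how a value for this parameter resolves to a bitmask, useful when auditing which encryption types a setting actually permits. The function names parse_enctypes and describe are hypothetical; the example assumes tokens are separated by whitespace or commas and rejects any bit not listed above.

```python
import re

# Names and bit values exactly as listed in the parameter description.
ENCTYPE_BITS = {
    "arcfour-hmac-md5": 0x4, "rc4-hmac": 0x4,
    "aes128-cts-hmac-sha1-96": 0x8, "aes128-cts": 0x8,
    "aes256-cts-hmac-sha1-96": 0x10, "aes256-cts": 0x10,
    "aes256-cts-hmac-sha1-96-sk": 0x20, "aes256-cts-sk": 0x20,
}
CANONICAL = {0x4: "arcfour-hmac-md5", 0x8: "aes128-cts-hmac-sha1-96",
             0x10: "aes256-cts-hmac-sha1-96", 0x20: "aes256-cts-hmac-sha1-96-sk"}
KNOWN_MASK = 0x4 | 0x8 | 0x10 | 0x20
# "0 maps to what the software supports currently": RC4 plus AES session keys.
DEFAULT_FOR_ZERO = 0x4 | 0x20


def parse_enctypes(value):
    """OR together every token; tokens may be names, hex or base-10 numbers."""
    mask = 0
    # Assumption of this example: whitespace and/or commas separate tokens.
    for token in re.split(r"[\s,]+", value.strip()):
        if not token:
            continue
        name = token.lower()
        if name in ENCTYPE_BITS:
            mask |= ENCTYPE_BITS[name]
            continue
        try:
            number = int(name, 16) if name.startswith("0x") else int(name, 10)
        except ValueError:
            raise ValueError(f"unknown encryption type: {token!r}")
        if number & ~KNOWN_MASK:
            raise ValueError(f"unsupported bits in {token!r}")
        mask |= number
    return mask or DEFAULT_FOR_ZERO


def describe(mask):
    """Return canonical names for the set bits, plus audit notes."""
    names = [CANONICAL[bit] for bit in sorted(CANONICAL) if mask & bit]
    notes = []
    if mask & 0x4:
        notes.append("RC4 ticket keys allowed")
    if mask & 0x20 and not mask & (0x8 | 0x10):
        notes.append("AES session keys allowed without AES ticket keys")
    return names, notes
```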