Hi Andrew, The msDS-SupportedEncryptionTypes attribute is populated at object creation time by the subjects that support the property. It is also updated whenever there's a change on the object's configuration that require an update of the property. Meaning that when a subject changes the type of encryption it supports, it modifies this attribute to reflect the change.
With regards of the NETLOGON_DOMAIN_INFO, I'll check with Obaid to see if I can be of any help. Please let me know if this answer fully addresses your question. Thanks and regards, Sebastian Sebastian Canevari Senior Support Escalation Engineer, US-CSSĀ DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2" Tel: +1 469 775 7849 e-mail: [email protected] -----Original Message----- From: Andrew Bartlett [mailto:[email protected]] Sent: Tuesday, August 18, 2009 1:01 AM To: Sebastian Canevari Cc: [email protected]; [email protected] Subject: RE: How to determine if an account should use AES? On Fri, 2009-08-14 at 11:40 -0700, Sebastian Canevari wrote: > Hi Andrew, > > I've been investigating this and I'm still discussing with the product group > what would be the best way to better detail this process. > > As explained in the document, the KDC will rely on the AD property > msDS-SupportedEncryptionTypes. > Now, if the property is not populated by the server or service, then the KDC > will default to RC4 which is the legacy type. So, the outstanding question is: what would normally populate that attribute? > With respect to the NETLOGON_DOMAIN_INFO, Matthieu is working with Obaid on > that section and I believe Obaid is sending him his response shortly. I have to say, I'm not the wiser from Obaid's answer. Sorry. Perhaps you could spell it out a bit more clearly? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
