The Samba-Bugzilla – Bug 13135
The KDC logic arround msDs-supportedEncryptionTypes differs from Windows
Last modified: 2017-12-13 13:03:06 UTC
It seems this attribute is only evaluated for objects with objectClass=computer
and not for normal accounts.
The presence of a supported encryption type should also have some meaning if
a key for that type is not yet stored in the database.
But the KDC should notice support for new encryption types and use
that for session keys.
Created attachment 13866 [details]
Work in progress patches