The Samba-Bugzilla – Bug 13135
The KDC logic arround msDs-supportedEncryptionTypes differs from Windows
Last modified: 2017-11-14 15:15:01 UTC
It seems this attribute is only evaluated for objects with objectClass=computer
and not for normal accounts.
The presence of a supported encryption type should also have some meaning if
a key for that type is not yet stored in the database.
But the KDC should notice support for new encryption types and use
that for session keys.