While Active Directory does not support yet RFC 8009 encryption and checksum types, it is possible to verify these checksums when running with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA domain controller which uses them by default.
Created attachment 18287 [details] patch for 4.20
Comment on attachment 18287 [details] patch for 4.20 LGTM.
Jule, please include the patch in 4.20. Thanks!
Pushed to autobuild-v4-20-test.
This bug was referenced in samba v4-20-test: 215bb9bd48e9aae04ff39633f6dd9255a989bf98
Closing out bug report. Thanks!
This bug was referenced in samba v4-20-stable (Release samba-4.20.1): 215bb9bd48e9aae04ff39633f6dd9255a989bf98