We are migrating samba3 to samba4, all our clients are windows7. We have performed classicupgrade without problems, but samba only uses RC4 as kerberos encryption. We have made a domain level raise to 2008_R2, but samba still uses RC4 instead AES. As a test we forced the use of the AES256 encryption by setting in the file /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py: result = provision(logger, session_info, None, targetdir=targetdir, realm=realm, domain=domainname, domainsid=str(domainsid), next_rid=next_rid, dc_rid=machinerid, adminpass = adminpass, - dom_for_fun_level=dsdb.DS_DOMAIN_FUNCTION_2003, + dom_for_fun_level=dsdb.DS_DOMAIN_FUNCTION_2008_R2, hostname=netbiosname.lower(), machinepass=machinepass, serverrole=serverrole, samdb_fill=FILL_FULL, useeadb=useeadb, dns_backend=dns_backend, use_rfc2307=True, use_ntvfs=use_ntvfs, skip_sysvolacl=True) Workarraund: - Run source4/scripting/devel/chgtdcpass - samba-tool user password krbtgt