Web lists-archives.com

Re: [Samba] how to disable RC4 in samba




On Thu, 2018-05-03 at 14:41 +0800, ryanyang51--- via samba wrote:
> Hello,
> I find that samba support several encrypt method. Iwant to disable RC4, where can I set it? My samba version is  4.5.16.
> Thanks.

No, this isn't possible.  At best you could remove the use of arcfour-
hmac-md4 from Kerberos and RC4 from netlogon. 

For netlogon, set 'reject md5 clients = yes'

For kerberos, see the krb5.conf

The rest as listed here can't be directly controlled, particularly in
your older version:

https://gitlab.com/catalyst-samba/samba-docs/wikis/cryptography/what-pa
rts-of-samba-use-cryptography-and-what-algorithms-are-used

Samba 4.7 supports 'ntlm auth = disabled' which will block some more of
these indirectly however.

I hope this helps.  If you can explain your use case it will assist me
in helping you further. 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba