docs-xml: document 'disable aes schannel'

author Stefan Metzmacher <metze@samba.org>

Fri, 18 Oct 2013 05:28:07 +0000 (07:28 +0200)

committer Stefan Metzmacher <metze@samba.org>

Thu, 19 Dec 2013 19:47:06 +0000 (20:47 +0100)
author Stefan Metzmacher <metze@samba.org>
Fri, 18 Oct 2013 05:28:07 +0000 (07:28 +0200)
committer Stefan Metzmacher <metze@samba.org>
Thu, 19 Dec 2013 19:47:06 +0000 (20:47 +0100)
diff --git a/docs-xml/smbdotconf/winbind/disableaesschannel.xml b/docs-xml/smbdotconf/winbind/disableaesschannel.xml

new file mode 100644 (file)

index 0000000..25e971e
--- /dev/null
+++ b/docs-xml/smbdotconf/winbind/disableaesschannel.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="disable aes schannel"
+                 context="G"
+                 type="boolean"
+                 advanced="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+       <para>This option controls whether winbindd does not try to negotiate
+       aes support (NETLOGON_NEG_SUPPORTS_AES) for netlogon secure channel connections.</para>
+
+       <para>Typically you should never set this.
+       Disabling aes can be useful for debugging purposes.</para>
+
+       <para>Note: "disable aes schannel = yes" might be needed against older
+       Samba versions (before bug #6099 was fixed) and NT 4.0.</para>
+
+       <para>The behavior can be controlled per netbios domain
+       by using 'disable aes schannel:NETBIOSDOMAIN = yes' as option.</para>
+
+       <para>This option yields precedence to the 'reject md5 servers' option.</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
author	Stefan Metzmacher <metze@samba.org>
	Fri, 18 Oct 2013 05:28:07 +0000 (07:28 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Thu, 19 Dec 2013 19:47:06 +0000 (20:47 +0100)