s4:auth: Export AES128 gMSA keys along with AES256 keys by default

This is what an existing test expects.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

2 files changed, 1 insertions, 2 deletions

diff --git a/selftest/knownfail.d/gmsa b/selftest/knownfail.d/gmsa
deleted file mode 100644
index 7a126d6cc22..00000000000
--- a/selftest/knownfail.d/gmsa
+++ /dev/null
@@ -1 +0,0 @@
-^samba.tests.dckeytab.samba.tests.dckeytab.DCKeytabTests.test_export_keytab_gmsa
diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
index 4d5306d9002..a2f0d172e02 100644
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -350,7 +350,7 @@ NTSTATUS smb_krb5_fill_keytab_gmsa_keys(TALLOC_CTX *mem_ctx,
 
 	supported_enctypes = ldb_msg_find_attr_as_uint(msg,
 						       "msDS-SupportedEncryptionTypes",
-						       ENC_HMAC_SHA1_96_AES256);
+						       ENC_STRONG_SALTED_TYPES);
 	/*
 	 * We trim this down to just the salted AES types, as the
 	 * passwords are now wrong for rc4-hmac due to the mapping of