Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).
[
{
"vendor": "n/a",
"product": "Samba",
"versions": [
{
"version": "Fixed in samba 4.15.13, samba 4.16.8, samba 4.15.13",
"status": "affected"
}
]
}
]