The remote Debian host is missing a security-related update.
Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba's Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. Details can be found in the upstream advisory at
Upgrade the samba packages. For the stable distribution (stretch), this problem has been fixed in version 2:4.5.16+dfsg-1+deb9u2.