ADV190023 | LDAP channel binding support
awalker at ixsystems.com
Tue Feb 18 16:44:06 UTC 2020
On Tue, Feb 18, 2020 at 11:07 AM Isaac Boukris via samba-technical <
samba-technical at lists.samba.org> wrote:
> I tested net-ads-search from a joined machine configured with "ldap
> ssl ads = yes", and it works once I also set "client ldap sasl
> wrapping = plain".
> However it doesn't work when I configure the DC to require
> channel-binding with LdapEnforceChannelBinding=2 as per ADV190023.
My understanding is that the new defaults for Windows in March are:
- LDAP Channel Binding = 1
- Domain controller: LDAP server signing requirements" = Require Signing
- Network security: LDAP client signing requirements = Require Signing
More information about the samba-technical