ADV190023 | LDAP channel binding support

Andrew Walker awalker at
Tue Feb 18 16:44:06 UTC 2020

On Tue, Feb 18, 2020 at 11:07 AM Isaac Boukris via samba-technical <
samba-technical at> wrote:

> Hi,
> I tested net-ads-search from a joined machine configured with "ldap
> ssl ads = yes", and it works once I also set "client ldap sasl
> wrapping = plain".
> However it doesn't work when I configure the DC to require
> channel-binding with LdapEnforceChannelBinding=2 as per ADV190023.

My understanding is that the new defaults for Windows in March are:
- LDAP Channel Binding = 1
- Domain controller: LDAP server signing requirements = Require Signing
- Network security: LDAP client signing requirements = Require Signing