Force LDAP Signing

Valued Contributor II


I've been tasked to configure our Macs to force LDAP signing in our AD environment. I'm a bit new to this, so bear with me.

When I run the command below in Terminal, it says "Settings changed successfully."
dsconfigad -packetsign require

I placed the command in a policy and ran it successfully on our 10.11 and 10.12 Macs.

Still, the LDAP folks are saying that these Macs are still turning up as "Offenders," so I don't know if my script is working or I have the wrong command to begin with.

Any ideas? Thanks again, Jamf Nation.


Contributor III

Check out this thread

You might be missing another command, which would be dsconfigad -packetencrypt ssl. Make sure you test this on one machine, though, before you roll it out. I tried doing both of these on my office Mac and ended up locking myself out of it! (Fortunately, logging in with the Ethernet cable unplugged allowed me to get back in, but still.)
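
One way to confirm on each Mac whether the policy actually changed the setting is to read it back with `dsconfigad -show` rather than relying on the "Settings changed successfully" message. The script below is an added example, not part of the original thread; the function names and the sample text are constructed, and it assumes the "Label = value" layout that `dsconfigad -show` prints.

```shell
#!/bin/sh
# Added example: confirm what the Mac's AD plugin is actually set to.
# Assumes the "Label = value" layout printed by `dsconfigad -show`.

# Constructed sample input (not captured from a real machine).
SAMPLE_BEFORE='Advanced Options - Administrative
  Packet signing                 = allow
  Packet encryption              = allow'
SAMPLE_AFTER='Advanced Options - Administrative
  Packet signing                 = require
  Packet encryption              = ssl'

# Print the value of one "Label = value" field read from stdin; exit 1 if absent.
ad_setting() {
    awk -F'=' -v want="$1" '
        {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == tolower(want)) { print val; found = 1; exit }
        }
        END { if (!found) exit 1 }'
}

# Read `dsconfigad -show` output on stdin, report both packet settings,
# and return 0 only when signing is "require" (2 = unbound or unparsable).
check_signing() {
    show_output=$(cat)
    signing=$(printf '%s\n' "$show_output" | ad_setting "Packet signing") || {
        echo "not-bound-or-unparsed"
        return 2
    }
    encrypt=$(printf '%s\n' "$show_output" | ad_setting "Packet encryption") \
        || encrypt="unknown"
    echo "signing=$signing encryption=$encrypt"
    [ "$signing" = "require" ]
}

# On a Mac, check the live configuration; elsewhere this is skipped.
if command -v dsconfigad >/dev/null 2>&1; then
    dsconfigad -show | check_signing
fi
```

Run as a follow-up policy step, the non-zero exit status separates Macs where the setting did not stick (1) from Macs that are not bound or returned unexpected output (2).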