Force LDAP Signing

mvu
Valued Contributor

Hello,

I've been tasked to configure our Macs to force LDAP signing in our AD environment. I'm a bit new to this, so bare with me.

When I run the command below in Terminal, it says "Settings changed successfully."
dsconfigad -packetsign require

I placed the command in a policy and ran it successfully on our 10.11 and 10.12 Macs.

Still, the LDAP folks are saying that these Macs are still turning up as "Offenders," so I don't know if my script is working or I have the wrong command to begin with.

Any ideas? Thanks again, Jamf Nation.a12568909fa84722a84415a138a2563e

1 REPLY 1

DanJ_LRSFC
Contributor II

Check out this thread https://www.jamf.com/jamf-nation/discussions/34061/icymi-active-directory-will-require-ldap-over-ssl...

You might be missing another command, which would be dsconfigad -packetencrypt ssl. Make sure you test this on one machine though before you roll it out, I tried doing both of these on my office Mac and ended up locking myself out of it! (fortunately logging in with the Ethernet cable unplugged allowed me to get back in, but still)