Posted on 10-12-2017 08:50 AM
I've been tasked to configure our Macs to force LDAP signing in our AD environment. I'm a bit new to this, so bare with me.
When I run the command below in Terminal, it says "Settings changed successfully."
dsconfigad -packetsign require
I placed the command in a policy and ran it successfully on our 10.11 and 10.12 Macs.
Still, the LDAP folks are saying that these Macs are still turning up as "Offenders," so I don't know if my script is working or I have the wrong command to begin with.
Any ideas? Thanks again, Jamf Nation.
Posted on 01-29-2020 01:35 AM
Check out this thread https://www.jamf.com/jamf-nation/discussions/34061/icymi-active-directory-will-require-ldap-over-ssl...
You might be missing another command, which would be
dsconfigad -packetencrypt ssl. Make sure you test this on one machine though before you roll it out, I tried doing both of these on my office Mac and ended up locking myself out of it! (fortunately logging in with the Ethernet cable unplugged allowed me to get back in, but still)