Skip to main content
Question

Force LDAP Signing

  • October 12, 2017
  • 1 reply
  • 10 views
mvu
Forum|alt.badge.img+20

Hello,

I've been tasked to configure our Macs to force LDAP signing in our AD environment. I'm a bit new to this, so bare with me.

When I run the command below in Terminal, it says "Settings changed successfully."
dsconfigad -packetsign require

I placed the command in a policy and ran it successfully on our 10.11 and 10.12 Macs.

Still, the LDAP folks are saying that these Macs are still turning up as "Offenders," so I don't know if my script is working or I have the wrong command to begin with.

Any ideas? Thanks again, Jamf Nation.

    1 reply

    D
    Forum|alt.badge.img+10
    • DanJ_LRSFC
    • Valued Contributor
    • January 29, 2020

    Check out this thread https://www.jamf.com/jamf-nation/discussions/34061/icymi-active-directory-will-require-ldap-over-ssl-in-2020

    You might be missing another command, which would be dsconfigad -packetencrypt ssl. Make sure you test this on one machine though before you roll it out, I tried doing both of these on my office Mac and ended up locking myself out of it! (fortunately logging in with the Ethernet cable unplugged allowed me to get back in, but still)

    Terms & ConditionsCookie settingsAccessibility statement