Posted on 10-12-2017 08:50 AM
Hello,
I've been tasked to configure our Macs to force LDAP signing in our AD environment. I'm a bit new to this, so bear with me.
When I run the command below in Terminal, it says "Settings changed successfully."
dsconfigad -packetsign require
I placed the command in a policy and ran it successfully on our 10.11 and 10.12 Macs.
Still, the LDAP folks are saying that these Macs are still turning up as "Offenders," so I don't know if my script is working or I have the wrong command to begin with.
Any ideas? Thanks again, Jamf Nation.
Posted on 01-29-2020 01:35 AM
Check out this thread https://www.jamf.com/jamf-nation/discussions/34061/icymi-active-directory-will-require-ldap-over-ssl...
You might be missing another command, which would be dsconfigad -packetencrypt ssl. Make sure you test this on one machine before you roll it out, though; I tried doing both of these on my office Mac and ended up locking myself out of it! (Fortunately, logging in with the Ethernet cable unplugged allowed me to get back in, but still.)
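
Added example, not part of either post above: a read-only check that parses `dsconfigad -show` and reports whether the two settings discussed in this thread actually took effect after the policy ran, which also suits a test on one machine before wider rollout. The sample output is constructed, and its "Key = value" layout and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit the packet signing / encryption values reported by
# `dsconfigad -show`. Nothing here changes the AD binding.

# Constructed sample of `dsconfigad -show` output (assumed "Key = value" layout).
SAMPLE_SHOW='Active Directory Forest          = corp.example.com
Active Directory Domain          = corp.example.com
Computer Account                 = mac-001$

Advanced Options - Administrative
  Packet signing                 = allow
  Packet encryption              = allow
  Password change interval       = 14'

# ad_setting KEY: read show-output on stdin and print the value for KEY.
ad_setting() {
    awk -F' = ' -v key="$1" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# check_ad_packet_policy: read show-output on stdin, print findings, and
# return 0 only if signing is "require" and encryption is "ssl".
check_ad_packet_policy() {
    out=$(cat)
    sign=$(printf '%s\n' "$out" | ad_setting "Packet signing")
    enc=$(printf '%s\n' "$out" | ad_setting "Packet encryption")
    rc=0
    if [ "$sign" != "require" ]; then
        echo "packet signing is '${sign:-unknown}', expected 'require'"; rc=1
    fi
    if [ "$enc" != "ssl" ]; then
        echo "packet encryption is '${enc:-unknown}', expected 'ssl'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "compliant"; fi
    return "$rc"
}

# On a Mac with dsconfigad, audit the live settings; elsewhere use the sample.
if command -v dsconfigad >/dev/null 2>&1; then
    if dsconfigad -show | check_ad_packet_policy; then :; else echo "result: not compliant"; fi
else
    if printf '%s\n' "$SAMPLE_SHOW" | check_ad_packet_policy; then :; else echo "result: not compliant"; fi
fi
```

Wrapped in a Jamf extension attribute, the same parsing lets you compare what each Mac reports against the directory team's offender list.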