LDAP to LDAPS

jazminepena
New Contributor III

Hi guys,

We currently bind our Macs to AD as we are predominantly a Windows shop, and I've been asked by our infrastructure team to ensure that our clients no longer send unsigned LDAP connections to our domain controllers. Until now, I've been binding our Macs via a script containing the following options:

dsconfigad -packetsign allow -packetencrypt allow

And I've now changed this to:

dsconfigad -packetsign require -packetencrypt ssl

I've tried just issuing this command in a Terminal window, and editing the bind script with these options which forces an unbind and then rebinds. However, post this change my test Macs are still sending unsigned LDAP connections on port 389/3268 rather than 636/3269, according to Wireshark.

Can somebody please guide me in the right direction?

The long-term plan is to go to NoMAD/Jamf Connect or similar, but we are just not there yet...

Thanks!
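An added example, not part of the original post or any Jamf/Apple tooling: a small POSIX shell check that reads the text of `dsconfigad -show` and confirms whether the AD plug-in actually reports "Packet signing = require" and "Packet encryption = ssl" after a rebind. The line format of that output (a "Packet signing" and a "Packet encryption" line under "Advanced Options - Administrative") is assumed here, and the two sample outputs are constructed. It only confirms what the plug-in believes it is configured to do; the wire-level confirmation (traffic on 636/3269 rather than 389/3268) still has to come from a capture, as the poster did with Wireshark.

```shell
#!/bin/sh
# Added example (not from the original post). Checks that the Active Directory
# plug-in reports hardened LDAP settings: packet signing required and
# SSL packet encryption. Reads the text of `dsconfigad -show` on stdin so it
# can be exercised offline against constructed samples.
#
# Assumed lines in `dsconfigad -show` output (under "Advanced Options - Administrative"):
#   Packet signing                 = require
#   Packet encryption              = ssl

# check_ad_ldap_settings: returns 0 when both settings are at the hardened
# values, 1 otherwise; prints one status line per setting.
check_ad_ldap_settings() {
    input="$(cat)"
    # Take the value after '=' on the matching line and trim surrounding whitespace.
    sign="$(printf '%s\n' "$input" | awk -F'=' '/Packet signing/ {gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2}')"
    enc="$(printf '%s\n' "$input" | awk -F'=' '/Packet encryption/ {gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2}')"
    rc=0
    if [ "$sign" = "require" ]; then
        echo "packetsign: require (OK)"
    else
        echo "packetsign: ${sign:-not found} (expected require)"
        rc=1
    fi
    if [ "$enc" = "ssl" ]; then
        echo "packetencrypt: ssl (OK)"
    else
        echo "packetencrypt: ${enc:-not found} (expected ssl)"
        rc=1
    fi
    return $rc
}

# Constructed sample: the relevant section as it would look with the
# poster's old (allow/allow) settings. The check should fail on this.
SAMPLE_OLD='Advanced Options - Administrative
  Preferred Domain controller    = not set
  Packet signing                 = allow
  Packet encryption              = allow
  Password change interval       = 14'

# Constructed sample: the same section after a rebind with
# -packetsign require -packetencrypt ssl. The check should pass on this.
SAMPLE_NEW='Advanced Options - Administrative
  Preferred Domain controller    = not set
  Packet signing                 = require
  Packet encryption              = ssl
  Password change interval       = 14'

# On a bound Mac, run the real thing:  dsconfigad -show | check_ad_ldap_settings
# With --demo, run the check against both constructed samples instead.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_OLD" | check_ad_ldap_settings || echo "old settings: FAIL (expected)"
    printf '%s\n' "$SAMPLE_NEW" | check_ad_ldap_settings && echo "new settings: PASS"
fi
```

A non-zero exit from the function is a convenient hook for a Jamf extension attribute or a post-bind step in the bind script: if the plug-in still reports `allow` after the rebind, the new options never took effect and the capture on 389/3268 is explained; if it reports `require`/`ssl` and unsigned traffic still appears, the problem is elsewhere (for example another process or a cached binding), and the packet capture is the place to look next.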

1 REPLY

Kira
New Contributor II

Was this ever figured out? I am having a similar issue.