Core Infrastructure and Security Blog
Copied!
Home
Options
789
Stanislav Belov on 11-12-2019 11:00 PM
1,707
SteveMat on 11-11-2019 02:27 PM
4,195
Alan La Pietra on 11-04-2019 06:26 AM
152
Sean Leonard on 11-01-2019 03:23 PM
200
Joe_Zinn on 11-01-2019 03:22 PM
281
Joe_Zinn on 11-01-2019 03:22 PM
178
Joe_Zinn on 11-01-2019 03:22 PM
104
Sean Leonard on 11-01-2019 03:21 PM
107
Joe_Zinn on 11-01-2019 03:21 PM
102
Joe_Zinn on 11-01-2019 03:21 PM
102
Joe_Zinn on 11-01-2019 03:20 PM
108
Joe_Zinn on 11-01-2019 03:20 PM
152
Joe_Zinn on 11-01-2019 03:20 PM
420
Joe_Zinn on 11-01-2019 03:20 PM
504
Joe_Zinn on 11-01-2019 03:20 PM
417
Joe_Zinn on 11-01-2019 03:20 PM
97
AMARSIGLIA on 11-01-2019 03:20 PM
100
Joe_Zinn on 11-01-2019 03:20 PM
99
ktackett on 11-01-2019 03:17 PM
89
AMARSIGLIA on 11-01-2019 03:12 PM
93
ktackett on 11-01-2019 03:12 PM
89
AMARSIGLIA on 11-01-2019 03:09 PM
85
ktackett on 11-01-2019 03:08 PM
86
ktackett on 11-01-2019 03:08 PM
87
ktackett on 11-01-2019 03:07 PM
96
ktackett on 11-01-2019 03:05 PM
84
AMARSIGLIA on 11-01-2019 03:02 PM
83
AMARSIGLIA on 11-01-2019 03:02 PM
94
AMARSIGLIA on 11-01-2019 03:02 PM
86
AMARSIGLIA on 11-01-2019 03:01 PM
Latest Comments
I was able to find a Mac that I put in our isolated test network. In that environment, I set the DC GPO for "Domain Controller: require signing", the domain GPO to "Network Client: require signing". On the DC GPO I created the Registry entry for "LDAP Channel Binding = 1". I successfully tested usin...
0 Likes
ajm-b, yes that would be great. We'll be holding off on the domain controllers until February so I'll have some time. We do have a closed off test network and we may be able to test some Macs there. I don't know too much about Macs and I'm never one who joins them to the domain, but I had been under...
0 Likes
@CFS3RD, as I understand it "Require Signing" only has to do with non-TLS 389, it doesn't come into play with 636 binds. We have plenty of macs here - if you wanna hit me up in about a month I can probably tell you how it went.
0 Likes
Hyper-V virtual machines will be offered the microcode updates from Microsoft Update (assuming the CPUID matches) however the host is what really needs to be updated as it's payload is passed through to the virtual machines. From a Windows Server 2016 Virtual Machine: They are classified as "Updates...
1 Likes
For our third party applications and our OSX member computers that use LDAP over SSL (port 636), will they continue to communicate successfully with the domain controllers set to Require Signing? It sounds like they will fail. In that case we'll never be able to set it to Require Signing. Related, I...
0 Likes