Core Infrastructure and Security Blog
Copied!
Home
Options
232
Sean Greenbaum on 01-28-2020 09:19 AM
2,339
Stanislav Belov on 01-16-2020 11:59 PM
821
wallenc on 01-13-2020 12:01 AM
2,423
Bruno Gabrielli on 01-05-2020 03:01 PM
2,698
John_Clyburn on 12-30-2019 12:00 AM
7,523
LijuV on 12-22-2019 09:00 PM
3,107
Stanislav Belov on 12-17-2019 11:55 PM
3,499
John_Clyburn on 12-16-2019 12:00 AM
19.9K
Mike Kammer on 12-10-2019 06:21 AM
4,138
Paul Bergson on 12-04-2019 02:12 PM
6,740
wallenc on 11-26-2019 01:08 PM
2,734
Zoheb Shaikh on 11-19-2019 06:22 AM
1,926
Stanislav Belov on 11-12-2019 11:00 PM
3,371
SteveMat on 11-11-2019 02:27 PM
73.3K
Alan La Pietra on 11-04-2019 06:26 AM
907
Sean Leonard on 11-01-2019 03:23 PM
916
Joe_Zinn on 11-01-2019 03:22 PM
1,014
Joe_Zinn on 11-01-2019 03:22 PM
1,000
Joe_Zinn on 11-01-2019 03:22 PM
816
Sean Leonard on 11-01-2019 03:21 PM
809
Joe_Zinn on 11-01-2019 03:21 PM
778
Joe_Zinn on 11-01-2019 03:21 PM
2,021
Joe_Zinn on 11-01-2019 03:20 PM
825
Joe_Zinn on 11-01-2019 03:20 PM
1,135
Joe_Zinn on 11-01-2019 03:20 PM
1,206
Joe_Zinn on 11-01-2019 03:20 PM
1,913
Joe_Zinn on 11-01-2019 03:20 PM
2,338
Joe_Zinn on 11-01-2019 03:20 PM
827
AMARSIGLIA on 11-01-2019 03:20 PM
849
Joe_Zinn on 11-01-2019 03:20 PM
Latest Comments
@JJDDASC I'm aggree with you, 3 Pages of discussion, alot of different way's, alot of confusion... For us and our customer it would be nice to know:1. does anything finaly change with the march patches now or not ?2. if yes is LDAP channel binding and signing required then ?3. if these patches reall...
0 Likes
@Alan La Pietra does the fact that this article having 3 pages and growing of comments from users who are struggling to understand exactly what Microsoft is planning on doing in March give you a hint that the explanations of these changes need more work and details. I have seen the same on this foru...
2 Likes
Thanks Ross, Yes, those are the links that I have used to configure STARTTLS. I have also configured the NetApps to use signing. I'm working with NetApp Support on this. They have advised not to use sealing and to use STARTTLS. They are also pretty sure that the STARTTLS has been implemented to work...
0 Likes
@BenBrazil Please see updates in the previous post. What you need to do, is to configure signing and preferably sealing. Although, I guess you have to enable Channel Binding on DCs (KB4034879), before you configure client to use sealing.3269 is Secure LDAP Global Catalogue, it is using SSL(TLS) just...
0 Likes
Hi Ross, Yes, I've got a certificate on our DC's. All of the other systems that I have re-configured so far using TLS over 3269 work fine. STARTTLS appears to only use port 389 to perform the initial connection request and then encrypts the connection again over 389. I'm not sure if this can be conf...
0 Likes