Microsoft LDAP Channel Binding and LDAP signing update for Windows Active Directory

Version Affected:  all

Description:  

Once the Microsoft LDAP channel binding and LDAP signing update for Active Directory is applied, Domain Controllers will no longer accept basic authentication requests.

 

Cause:  

Due to a security issue, Microsoft has decided to disable all basic (clear text) authentication access to Active Directory.

 

Resolution:  

Once this mandatory patch is applied to Active Directory servers, the SecureAuth Standard authentication method will no longer work when attempting to connect to Active Directory through the IdP.

To resolve the issue, use the Secure or SSL modes to access Active Directory servers.
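
Before changing the connection mode, it helps to confirm how a Domain Controller is currently configured and which clients still send clear-text or unsigned binds. The PowerShell below is an added example, not code from SecureAuth or Microsoft. It is meant to run elevated on a Domain Controller and assumes Microsoft's `LDAPServerIntegrity` and `16 LDAP Interface Events` registry values and Directory Service event 2889 (none of which are named on this page), with the event's fields in the order client, identity, bind type.

```powershell
# Added example: report LDAP signing / channel binding settings on this DC
# and list clients still performing simple (clear-text) or unsigned binds.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'

function Get-NtdsValue([string]$SubKey, [string]$Name) {
    # Returns $null when the value has not been created.
    (Get-ItemProperty -Path "$ntds\$SubKey" -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Format-Setting($Value, [hashtable]$Meaning) {
    if ($null -eq $Value) { return 'not set (OS default applies)' }
    if ($Meaning.ContainsKey([int]$Value)) { return "$Value = $($Meaning[[int]$Value])" }
    "$Value = unrecognised"
}

$signing = Get-NtdsValue 'Parameters'  'LDAPServerIntegrity'
$binding = Get-NtdsValue 'Parameters'  'LdapEnforceChannelBinding'
$diag    = Get-NtdsValue 'Diagnostics' '16 LDAP Interface Events'

[pscustomobject]@{
    LDAPServerIntegrity       = Format-Setting $signing @{ 1 = 'None'; 2 = 'Require signing' }
    LdapEnforceChannelBinding = Format-Setting $binding @{ 0 = 'Never'; 1 = 'When supported'; 2 = 'Always' }
    LdapInterfaceDiagnostics  = Format-Setting $diag    @{ 0 = 'off'; 2 = 'logs event 2889' }
} | Format-List

if ($null -eq $diag -or $diag -lt 2) {
    Write-Warning "Event 2889 is only written when '16 LDAP Interface Events' is 2 or higher."
}

# Event 2889: a client bound without signing, or with a simple bind over a
# clear-text connection. The 5000-event cap is an arbitrary choice.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } `
                       -MaxEvents 5000 -ErrorAction SilentlyContinue

$events | ForEach-Object {
    [pscustomobject]@{
        Client   = ($_.Properties[0].Value -replace ':\d+$')   # drop the source port
        Identity = $_.Properties[1].Value
        BindType = if ($_.Properties[2].Value -eq 1) { 'Simple (clear text)' } else { 'Unsigned SASL' }
    }
} | Group-Object Client, Identity, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

If the address and service account the IdP uses appear in the output with a `Simple (clear text)` bind type, that connection is still using the Standard method.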

 

Special Considerations:  

For additional information please see the following Microsoft articles:

2020 LDAP channel binding and LDAP signing requirement for Windows

https://support.microsoft.com/en-ca/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

 

ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

 

Use the LdapEnforceChannelBinding registry entry to make LDAP authentication over SSL/TLS more secure

https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry

 

 

SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
