Version Affected: all
The Microsoft channel binding and LDAP signing update for Active Directory will disable basic authentication requests sent to Domain Controllers.
Due to a security issue, Microsoft has decided to disable all basic (clear text) authentication access to Active Directory.
Once this mandatory patch is applied to Active Directory servers, the SecureAuth Standard authentication method will no longer work when attempting to connect to Active Directory through the IdP.
To resolve the issue, use the Secure or SSL modes to access Active Directory servers.
For additional information please see the following Microsoft articles:
2020 LDAP channel binding and LDAP signing requirement for Windows
ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
Use the LdapEnforceChannelBinding registry entry to make LDAP authentication over SSL/TLS more secure
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Please sign in to leave a comment.