Microsoft LDAP Channel Binding and LDAP signing update for Windows Active Directory

    Applies to:
      • SecureAuth Identity Platform
      • Legacy SecureAuth IdP

    Deployment model:
      • Hybrid
      • On Premises

    Version Affected:  all

    Description:  

    The Microsoft channel binding and LDAP signing update for Active Directory will disable basic authentication requests sent to Domain Controllers.

     

    Cause:  

    Due to a security issue, Microsoft has decided to disable all basic (clear text) authentication access to Active Directory.

     

    Resolution:  

    Once this mandatory patch is applied to Active Directory servers, the SecureAuth Standard authentication method will no longer work when attempting to connect to Active Directory through the IdP.

    To resolve the issue, use the Secure or SSL modes to access Active Directory servers.
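Before the update is enforced, a domain controller can report which clients still send the binds it will reject. The script below is an added example, not SecureAuth or Microsoft code. It assumes an elevated PowerShell session on a domain controller; the NTDS registry value names other than LdapEnforceChannelBinding, and event ID 2889 with its field order, are not given in this article and are taken here as they appear in Microsoft's LDAP signing guidance.

```powershell
# Added example: audit LDAP signing / channel binding state on a domain controller.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the value has not been created on this server.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Current enforcement state:
#   LDAPServerIntegrity        2 = require signing
#   LdapEnforceChannelBinding  0 = never, 1 = when supported, 2 = always
#   16 LDAP Interface Events   2 or higher is needed for event 2889 to be logged
[pscustomobject]@{
    LDAPServerIntegrity       = Get-RegValue "$ntds\Parameters"  'LDAPServerIntegrity'
    LdapEnforceChannelBinding = Get-RegValue "$ntds\Parameters"  'LdapEnforceChannelBinding'
    LdapInterfaceLogging      = Get-RegValue "$ntds\Diagnostics" '16 LDAP Interface Events'
} | Format-List

# Event 2889 records each simple bind over a clear-text connection and each
# unsigned SASL bind. Group the last 7 days by client, account and bind type
# so the IdP host (or any other LDAP client) stands out if it still does this.
$filter = @{
    LogName   = 'Directory Service'
    Id        = 2889
    StartTime = (Get-Date).AddDays(-7)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Properties: [0] client "address:port", [1] identity, [2] bind type
        $endpoint = [string]$_.Properties[0].Value
        [pscustomobject]@{
            ClientIP = $endpoint -replace ':\d+$', ''
            Identity = [string]$_.Properties[1].Value
            BindType = if ([int]$_.Properties[2].Value -eq 1) {
                           'Simple bind (clear text)'
                       } else {
                           'Unsigned SASL bind'
                       }
        }
    } |
    Group-Object ClientIP, Identity, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

An empty result with logging enabled means no client on that domain controller used a clear-text simple bind or unsigned SASL bind in the window; rows listing the IdP's address indicate a data store still using Standard mode.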

     

    Special Considerations:  

    For additional information please see the following Microsoft articles:

    2020 LDAP channel binding and LDAP signing requirement for Windows

    https://support.microsoft.com/en-ca/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

     

    ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing

    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

     

    Use the LdapEnforceChannelBinding registry entry to make LDAP authentication over SSL/TLS more secure

    https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry

     

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
