Content Comparison

This page serves as a record for eliminating the use of unsigned protocols or plaint text LDAP from macOS computers bound to an Active Directory domain.

Updates

2020-03-07:

On Wednesday March 3, WSG updated the domain controller certificates to meet the Catalina certificate requirements. We have verified that the client now binds successfully.

2020-02-26:

Issues separate into two forks.

...

2020-02-05:

Filed with Apple as:

• AppleCare Enterprise 101019106553
• Feedback FB7565297
  
  

References

• Microsoft
  • ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
  • 2020 LDAP channel binding and LDAP signing requirement for Windows
  • LDAP Channel Binding and LDAP Signing Requirements
  • An update is available that changes client bind type information in Event ID 2889 in Windows Server 2008 R2
• Joe Schiffman's solution guide
  • Bind Mac OS to Active Directory over SSL (UCI only)
• Apple
  • Configure domain access in Directory Utility on Mac
  • Requirements for trusted certificates in iOS 13 and macOS 10.15

...