This page serves as a record of the testing done, and remaining, for eliminating the use of unsigned protocols or plaint text LDAP from macOS computers to using resources from an Active Directory domain.
References
- Microsoft
- ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
- 2020 LDAP channel binding and LDAP signing requirement for Windows
- LDAP Channel Binding and LDAP Signing Requirements
- An update is available that changes client bind type information in Event ID 2889 in Windows Server 2008 R2
A value of 1 indicates a simple bind, and a value of 0 indicates an unsigned bind.
- Joe Schiffman's solution guide
- Apple
EventCode 2889
The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.
Splunk
EventCode 2889
index="winevent_dc_index" source="wineventlog:directory service" EventCode="2889"
EventCode 2889, exposing Binding Type
index="winevent_dc_index" source="wineventlog:directory service" EventCode="2889" | rex field=_raw "(?ms)Binding\s+Type:\s+(?<typeBind>\d)"| table _time, host, EventCode, ClientIdentity, ClientIPAddress, typeBind