dsconfigad did not support signing of LDAP packets in 10.4.x. However, this was an upgrade that was introduced in the 10.5 version of the AD Plug-in. Provided that your Active Directory environment uses LDAP signing, a standard policy with DCs, you can mirror your settings on the DC in dsconfigad by using the -packetsigning option followed by either an allow, disable or require variable. To force LDAP signing, just run the following command:
dsconfigad -packetsigning required
To then disable signing if your environment doesn’t support it use the following command:
dsconfigad -packetsigning disable
The default variable is allow, which will use LDAP signing when possible.
krypted September 27th, 2008
Posted In: Active Directory, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Windows Server
Command line, dsconfigad, Mac OS X, Mac Security, packet signing