LDAP Signing (Not LDAPS)

Model FireboxV-MED
Version 12.11.6.B728370

Hi everyone,

With Windows Server 2025 activating LDAP Signing and Binding as default, I wanted to check if and how we can activate this on my WatchGuard authentication before we start incorporating any 2025 domain controllers.

We are currently using AD for my Mobile SSL VPN users.

I am seeing Event ID 2889 in the DC logs for the firebox IP when users are authenticating - which means LDAP signing is not active on the firebox.

I don't want to go down the LDAPS route if I can help it.

Kind Regards,
Chris Snape
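As an added example (not from the original post or from WatchGuard), the check below reads exported Event ID 2889 messages and groups them by client IP and binding type, so that every device still doing unsigned or cleartext LDAP binds is known before signing is enforced, not just the Firebox. The IPs, identities and message text are constructed samples; the Binding Type meanings (0 = SASL bind without signing, 1 = simple bind over cleartext) are as Microsoft documents them for this event.

```python
import re
from collections import defaultdict

# Constructed samples in the shape of Directory Service Event ID 2889 messages;
# a real export would come from Get-WinEvent on each domain controller.
SAMPLE_2889_MESSAGES = [
    "The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind "
    "without requesting signing (integrity verification), or performed a simple bind over "
    "a clear text (non-SSL/TLS-encrypted) LDAP connection.\n\n"
    "Client IP address:\n192.0.2.10:51234\n"
    "Identity the client attempted to authenticate as:\nEXAMPLE\\svc-firebox\n"
    "Binding Type:\n1",
    "Client IP address:\n192.0.2.10:51240\n"
    "Identity the client attempted to authenticate as:\nEXAMPLE\\chris\n"
    "Binding Type:\n1",
    "Client IP address:\n192.0.2.55:40011\n"
    "Identity the client attempted to authenticate as:\nEXAMPLE\\APPSRV01$\n"
    "Binding Type:\n0",
    "The LDAP interface is now available.",  # unrelated event text, must be skipped
]

# Binding Type as logged in event 2889: 0 = SASL bind that did not request
# signing, 1 = simple bind over a cleartext (non-TLS) connection.
BINDING_TYPES = {"0": "SASL bind without signing", "1": "simple bind over cleartext LDAP"}

EVENT_2889_RE = re.compile(
    r"Client IP address:\s*(?P<client>\S+)\s*"
    r"Identity the client attempted to authenticate as:\s*(?P<identity>.+?)\s*"
    r"Binding Type:\s*(?P<bind>\d+)",
    re.DOTALL,
)


def parse_2889(message):
    """Return (client_ip, identity, binding_type) for one 2889 message, else None."""
    m = EVENT_2889_RE.search(message)
    if m is None:
        return None
    # The client field is logged as IPv4:port; drop the ephemeral port.
    client = m.group("client")
    ip, _, _port = client.rpartition(":")
    return ip or client, m.group("identity"), m.group("bind")


def summarize_2889(messages):
    """Group unsigned/cleartext binds by client IP so each source can be moved to
    LDAPS (or a signing-capable client) before signing is enforced on the DCs."""
    summary = defaultdict(lambda: {"identities": set(), "binds": defaultdict(int)})
    for message in messages:
        parsed = parse_2889(message)
        if parsed is None:
            continue
        ip, identity, bind = parsed
        summary[ip]["identities"].add(identity)
        summary[ip]["binds"][BINDING_TYPES.get(bind, "unknown binding type " + bind)] += 1
    return {ip: {"identities": sorted(v["identities"]), "binds": dict(v["binds"])}
            for ip, v in summary.items()}
```

Run it against the Message field of `Get-WinEvent -FilterHashtable @{LogName='Directory Service'; Id=2889}` exported from every DC; a Firebox doing plain LDAP on 389 shows up as the cleartext simple-bind case, which LDAPS removes.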

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @ChrisSnape
    We don't support LDAP signing (SASL). You'll either need to use LDAPS, or disable signing in your group policy.

    Setting:
    Domain Controller Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options

    Change - Network security: LDAP client encryption requirements: "Negotiate Sealing"
    To - Network security: LDAP client encryption requirements: "None"

    -James Carson
    WatchGuard Customer Support

  • Thanks for clarifying, James. For now I'll look to enable LDAPS.

    We are moving over to SAML at some point with M365.
