
OS X Server: Packet encryption via SSL for Active Directory clients

Learn how to use SSL (Secure Sockets Layer) to encrypt packets between Active Directory clients and servers.

Using the dsconfigad(8) command, you can allow, disable, or require packet encryption between Active Directory clients and servers.

If packet encryption is used, packets between an Active Directory client and server are encrypted and signed using Kerberos by default. To use SSL instead, issue this command in Terminal as an admin user:

dsconfigad -packetencrypt ssl

If the server uses an untrusted certificate, you'll need to add the root and any necessary intermediate certificates to the client's System keychain using Keychain Access. If you wish to disable verification of the certificate (which should only be done for testing), you can change this line:

TLS_REQCERT demand

to this:

TLS_REQCERT never

in /etc/openldap/ldap.conf, on the client.
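
To confirm that a client has not been left in the testing configuration, the following added example (not part of Apple's article) reads an ldap.conf file and reports the effective TLS_REQCERT level. The function names are hypothetical, and it assumes that the last TLS_REQCERT line wins and that "demand" applies when no line is present.

```shell
#!/bin/sh
# Added example: audit the certificate-verification level in an OpenLDAP client config.

# Print the effective TLS_REQCERT level found in the given ldap.conf.
# Comment lines are skipped and the keyword is matched case-insensitively.
# Assumption: a later TLS_REQCERT line overrides an earlier one.
# With no TLS_REQCERT line at all, "demand" (the OpenLDAP default) is printed.
effective_reqcert() {
    awk '
        /^[ \t]*#/ { next }
        toupper($1) == "TLS_REQCERT" && NF >= 2 { level = tolower($2) }
        END { print (level == "" ? "demand" : level) }
    ' "$1"
}

# Return 0 when the server certificate must validate (demand/hard),
# 1 for any weaker level (never, allow, try), 2 when the file cannot be read.
check_reqcert() {
    conf=${1:-/etc/openldap/ldap.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    level=$(effective_reqcert "$conf")
    case "$level" in
        demand|hard) echo "OK: TLS_REQCERT $level"; return 0 ;;
        *) echo "WEAK: TLS_REQCERT $level (weaker than demand)"; return 1 ;;
    esac
}

# Constructed sample: a client left in the testing configuration.
sample=$(mktemp)
printf '%s\n' '# TLS_REQCERT demand' 'tls_reqcert never' > "$sample"
check_reqcert "$sample" || true   # reports the weak setting
rm -f "$sample"
```

Called with no argument, check_reqcert reads /etc/openldap/ldap.conf on the client.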

Additional Information

For more information, you can view the dsconfigad(8) manual page by typing man dsconfigad in Terminal.

Last Modified: Oct 15, 2012
Article: HT4730