Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3056
Views
2
Helpful
4
Replies

Active Directory enrollment authentication

Marcel Kamenz
Level 5
Level 5

‎08-01-2024 11:44 PM

Hi,

I am still confused about the changelog entry of the current agent version 4.2.2.
It says the following:
[Update] Removed support for Active Directory enrollment authentication (local unencrypted LDAP proxy).

Does this mean that the connection to the AD no longer works?
I had opened a ticket and was told that LDAPS (secure) would work. On my test client, however, I don't see a single request going out to the domain controller in Wireshark.

Labels:
0 Helpful
4 Replies 4

Marcel Kamenz
Level 5
Level 5

‎08-26-2024 01:48 PM

Nobody out there using the AD enrollment auth? Any suggestions how to automate the enrollment without this?

0 Helpful

nbv1
Level 3
Level 3
In response to Marcel Kamenz

‎08-27-2024 03:07 PM

I don't use AD enrollment but, updating your LDAP proxy and/or your AD servers (if they're not already) to use LDAPS is probably the easiest. Especially if you were already using AD authentication. Running it with a certificate and turning on SSL/TLS over port 636 is kind of the basis of that.

If you don't want to bother with that, you can still fully manage devices inside of Systems Manager. Configure your enrollment settings with a certificate authority cert, create automated enrollment profiles, assign profiles to computers or to users you create in Meraki, use tags to manage device and software deployments, and create profiles inside of Meraki and assign those to your tags.

Not sure what your current setup is but, there's a few ways get the end result depending on what you're wanting. Enabling LDAPS sounds like the cleanest option in your case since your basically there already without the encryption.

0 Helpful

Gelo1
Community Member

‎09-19-2024 09:33 AM

It doesn't mean AD connections no longer work. The update just removed support for unencrypted LDAP. Secure connections via LDAPS should still be fine. If you're not seeing any traffic, maybe double-check the LDAPS configuration or make sure the correct ports are open?

Marcel Kamenz
Level 5
Level 5

‎09-22-2024 11:28 PM

Certificate was good hint, I hadn't thought of that. 😵
But sure, it's encrypted -> cert needed.

Test will follow....

Customers Also Viewed These Support Documents