Hello guys,
I have noticed that an event id : 2889 is created every time a user connects to our network via VPN, i have aleady enabled LDAP logging to identify the identity, here is a sample of the event id :
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 2889
Task Category: LDAP Interface
Level: Information
Keywords: Classic
The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a cleartext (non-SSL/TLS-encrypted) LDAP connection.
Client IP address:
FIREWALL IP:PORT
Identity the client attempted to authenticate as:
DOMAIN\USERNAME
Binding Type:
1
Question : How can i enhace the security of the authentication ? do i need to reject such week authentication method on server side, or do something on the firewall, in both cases will a modification impact users, is there something to consider before doing any changes ?
Thanks a lot, please feel free to as more information
Nb: Bear with me ! i m still learning...
This thread was automatically locked due to age.