Domain Requires Strong Authentication

Posted on 7th December 2016

When running the Test Settings function within Foldr Settings, authentication may fail with the following error:

“Your domain requires strong authentication, consider using LDAPS.”

 

This happens because the Windows Domain Controller (DC) requires LDAP signing and therefore rejects the LDAP simple bind sent by Foldr. There are two solutions to this issue:

  1.  Disable the LDAP Signing requirement on the DC
    or
  2.  Enable LDAPS on the DC to allow Foldr to connect using LDAP over SSL

To disable LDAP Signing:

  1. On the Domain Controller – Click Start > Run > gpedit.msc
  2. In the Group Policy Object Editor, select the relevant GPO (usually Default Domain Controllers Policy) >> Right Click >> Edit and navigate to the following section:
    Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options 
  3. Select the following entries:
    • Domain controller: LDAP server signing requirements
    • Network security: LDAP client signing requirements
  4. Set the above as follows:
    • Domain controller: LDAP server signing requirements = None (This is the default value)
    • Network security: LDAP client signing requirements = Negotiate (This is the default value)

 

The recommended action in this scenario is to leave the settings as they are and enable LDAPS on the Domain Controller, so that Foldr can authenticate securely using port 636.

 
