Skip to main content
NetApp Knowledgebase

How can SolidFire/HCI be impacted by Microsoft Security Advisory ADV190023?

Views:
75
Visibility:
Public
Votes:
0
Category:
element-software
Specialty:
hci
Last Updated:

 

Applies to

  • SolidFire/HCI storage clusters
  • Authentication with LDAP on the cluster GUI
  • Microsoft Domain Controllers

Answer

Customers will no longer be able to login with their domain user if LDAPS is not in use on the cluster GUI. Ensure LDAPS is enabled on each cluster connecting to related Microsoft Domain Controllers for authentication.

To verify:

  • Open the cluster GUI in the browser: https://<MVIP>:443
  • Go to Cluster > LDAP
  • Go to LDAP servers
  • Ensure the Use LDAPS Protocol box is checked
  • Press Save Changes if required (the Search Bind Password will need to be entered under General Settings)

Additional Information

Microsoft has published ADV190023 where a security vulnerability was found on LDAP. As a workaround they recommend to enable LDAP channel binding and LDAP signing.