Simple bind from ONTAP causing security alert on DC
Applies to
- ONTAP
- Protocol: CIFS/SMB, NFS
Issue
- Security alerts were generated on domain controllers indicating that LDAP connections from the ONTAP vserver were performing SASL LDAP binds without requesting signing, or were performing simple binds over cleartext LDAP connections.
"The following client performed a SASL LDAP bind without requesting signing, or performed a simple bind over a cleartext LDAP connection." The account involved is the vserver's machine account.
- The environment was likely using LDAP port 389 (non-secure) instead of secure port 636.
- There was a risk of exposing sensitive authentication data due to unsigned or cleartext LDAP binds.
- No service outage was reported; the primary concern was security exposure.
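The alert text covers two different conditions (unsigned SASL bind or cleartext simple bind), so triage starts by establishing which one each vserver is actually doing. The following is an added example, not part of the original article or NetApp tooling: it summarizes exported event message bodies (such as Directory Service event 2889) per client and machine account. The field labels, the `Binding Type` mapping (0 = unsigned SASL, 1 = simple bind) and all sample values are assumptions to confirm against your own DC events.

```python
import re
from collections import Counter

# Assumed meaning of the event's "Binding Type" field; confirm on your own DCs.
BIND_TYPES = {"0": "unsigned SASL bind", "1": "simple bind (cleartext)"}

# Assumed field labels; each value sits on the line after its label.
FIELDS = {
    "client": r"Client IP address:\s*\n\s*(\S+):\d+",
    "identity": r"Identity the client attempted to authenticate as:\s*\n\s*(.+)",
    "bind": r"Binding Type:\s*\n\s*(\d+)",
}

def parse_event(message):
    """Return (client_ip, identity, bind_description), or None if a field is missing."""
    found = {name: re.search(rx, message) for name, rx in FIELDS.items()}
    if not all(found.values()):
        return None
    code = found["bind"].group(1)
    # Account names are case-insensitive, so normalize before counting.
    identity = found["identity"].group(1).strip().upper()
    return (found["client"].group(1), identity,
            BIND_TYPES.get(code, "unknown bind type " + code))

def summarize(messages):
    """Count events per (client IP, identity, bind type); skip unparseable text."""
    counts = Counter()
    for message in messages:
        record = parse_event(message)
        if record:
            counts[record] += 1
    return counts

def _sample(ip, port, identity, bind):
    """Build a constructed event body (not real log data)."""
    return ("The following client performed a SASL LDAP bind without requesting "
            "signing, or performed a simple bind over a cleartext LDAP connection."
            f"\n\nClient IP address:\n{ip}:{port}\n"
            f"Identity the client attempted to authenticate as:\n{identity}\n"
            f"Binding Type:\n{bind}\n")

SAMPLES = [  # constructed: documentation IP range, hypothetical vserver names
    _sample("192.0.2.10", 51122, "EXAMPLE\\SVM1$", 1),
    _sample("192.0.2.10", 51130, "example\\svm1$", 1),
    _sample("192.0.2.11", 40211, "EXAMPLE\\SVM2$", 0),
    "unrelated event text",
]

if __name__ == "__main__":
    for (ip, identity, bind), n in summarize(SAMPLES).most_common():
        print(f"{n:3d}  {ip:15s}  {identity:18s}  {bind}")
```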
