Skip to main content
NetApp Knowledge Base

How can SolidFire/HCI be impacted by Microsoft Security Advisory ADV190023?

Views:
323
Visibility:
Public
Votes:
0
Category:
element-software
Specialty:
hci
Last Updated:

 

Applies to

  • SolidFire/HCI storage clusters
  • Authentication with LDAP on the cluster GUI
  • Microsoft Domain Controllers

Answer

Customers will no longer be able to login with their domain user if LDAPS is not in use on the cluster GUI. Ensure LDAPS is enabled on each cluster connecting to related Microsoft Domain Controllers for authentication.

To verify:

  • Open the cluster GUI in the browser: https://<MVIP>:443
  • Go to Cluster > LDAP
  • Go to LDAP servers
  • Ensure the Use LDAPS Protocol box is checked
  • Press Save Changes if required (the Search Bind Password will need to be entered under General Settings)

Additional Information

Microsoft has published ADV190023 where a security vulnerability was found on LDAP. As a workaround they recommend to enable LDAP channel binding and LDAP signing.

 

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.