Meraki

MK2 · ‎Aug 1 2024

Hi,

I am still confused about the changelog entry of the current agent version 4.2.2.
It says the following:
[Update] Removed support for Active Directory enrollment authentication (local unencrypted LDAP proxy).

Does this mean that the connection to the AD no longer works?
I had opened a ticket and was told that LDAPS (secure) would work. On my test client, however, I don't see a single request going out to the domain controller in Wireshark.

MK2 · ‎Aug 26 2024

Nobody out there using the AD enrollment auth? Any suggestions how to automate the enrollment without this?

nbv · ‎Aug 27 2024

I don't use AD enrollment but, updating your LDAP proxy and/or your AD servers (if they're not already) to use LDAPS is probably the easiest. Especially if you were already using AD authentication. Running it with a certificate and turning on SSL/TLS over port 636 is kind of the basis of that.

If you don't want to bother with that, you can still fully manage devices inside of Systems Manager. Configure your enrollment settings with a certificate authority cert, create automated enrollment profiles, assign profiles to computers or to users you create in Meraki, use tags to manage device and software deployments, and create profiles inside of Meraki and assign those to your tags.

Not sure what your current setup is but, there's a few ways get the end result depending on what you're wanting. Enabling LDAPS sounds like the cleanest option in your case since your basically there already without the encryption.

Gelo · ‎Sep 19 2024

It doesn't mean AD connections no longer work. The update just removed support for unencrypted LDAP. Secure connections via LDAPS should still be fine. If you're not seeing any traffic, maybe double-check the LDAPS configuration or make sure the correct ports are open?

MK2 · ‎Sep 22 2024

Certificate was good hint, I hadn't thought of that. 😵
But sure, it's encrypted -> cert needed.

Test will follow....