New Security Defaults for Active Directory
Critical Information for Current FreeNAS and TrueNAS Users regarding Active Directory
Microsoft is changing the security defaults for Active Directory to eliminate some security vulnerabilities in its protocols. These new security defaults are likely to disrupt existing FreeNAS and TrueNAS deployments once Windows systems are updated. Users not using Active Directory are unaffected by these Microsoft updates. The Windows updates may appear sometime in March 2020.
*FreeNAS and TrueNAS users that utilize Active Directory should update to version 11.3 (or 11.2-U8) to avoid potential disruption of their networks when updating to the latest versions of Windows software after March 1, 2020. Version 11.3 has been released and version 11.2-U8.1 is also available.
Full details are available in this iXsystems Technical Note about LDAP channel binding and LDAP signing. This Active Directory blog provides more information on the SMB features in FreeNAS and TrueNAS 11.3.
Users not using Active Directory are unaffected by these Microsoft updates and therefore can update their FreeNAS and TrueNAS systems at their leisure.
Please contact us if we can help you with your next SMB server deployments.