https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954945#M745079 <HTML><HEAD></HEAD><BODY><P>It worked. I was missing the VLAN mapping.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_auth.html#wp1158789" target="_blank">http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_auth.html#wp1158789</A></P><P></P></BODY></HTML> Wed, 11 Jun 2008 13:09:33 GMT yprasannas 2008-06-11T13:09:33Z https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954940#M745074 <P>Hi there,</P><P>I have 1 CAS and 1 CAM. Everything works fine if I use localDB authentication.</P><P>I tried to complete SSO AD configuration, from CAM installation guide. SSO service started to work successful. I'm trying to login to the domain - It's ok, I see green kerbtray icon, tickets are ok, but anyway I receive CCA Agent login/password screen.</P><P></P><P>AD logging looks like: (172.16.13.100 is AD server)</P><P></P><P>Mar 14, 2008 1:10:00 PM com.perfigo.wlan.jmx.admin.GSSServer loginToKDC</P><P>INFO: GSSServer - SPN : [cisco/<A href="mailto:computer-c.zozo.gov@ZOZO.GOV" target="_blank">computer-c.zozo.gov@ZOZO.GOV</A>]</P><P>Mar 14, 2008 1:10:00 PM com.perfigo.wlan.jmx.admin.GSSServer buildKDCList</P><P>INFO: buildKDCList - KDC-1: computer-c.zozo.gov/172.16.13.100</P><P>Mar 14, 2008 1:10:10 PM com.perfigo.wlan.jmx.admin.GSSServer loginToKDC</P><P>INFO: GSSServer - KDC(s) : [172.16.13.100]</P><P>Mar 14, 2008 1:14:22 PM com.perfigo.wlan.jmx.admin.GSSRetrier$RetrierTask run</P><P>INFO: GSSR - Windows SSO is running</P><P>Mar 14, 2008 1:19:22 PM com.perfigo.wlan.jmx.admin.GSSRetrier$RetrierTask run</P><P>INFO: GSSR - Windows SSO is running</P><P></P><P>What's may be wrong in my configuration? Local time on CAM, CAS and AD is the same, TCP/8910 in CAS is in listening mode. I opened full IP from * to my AD Server for Unauthenticated Role.</P><P></P><P>Regards,</P><P>Andrey</P><P></P> Fri, 21 Feb 2020 09:56:26 GMT https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954940#M745074 a.goldstein 2020-02-21T09:56:26Z https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954941#M745075 <HTML><HEAD></HEAD><BODY><P>ooops, I found the problem.</P><P>Workstation OS version was w2003server. With w2000wks and XP my configuration is working.</P><P></P><P>Regards,</P><P>Andrey</P><P></P></BODY></HTML> Fri, 14 Mar 2008 15:35:29 GMT https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954941#M745075 a.goldstein 2008-03-14T15:35:29Z https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954942#M745076 <HTML><HEAD></HEAD><BODY><P>I am having issue with AD SSO. CAS talks to AD because the service is started. </P><P></P><P>1. I can login to the domain but the NAC agent displays the window..Windows domain authentication but gives me a username and password window with drop down box as LOCAL DB.</P><P></P><P>Any help is appreciated.</P><P></P></BODY></HTML> Fri, 30 May 2008 16:27:59 GMT https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954942#M745076 yprasannas 2008-05-30T16:27:59Z https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954943#M745077 <HTML><HEAD></HEAD><BODY><P>Have you created an Authentication Server for your AD SSO?</P><P></P><P>Log on to CAM</P><P>User Management -&gt; Authentication Server</P></BODY></HTML> Mon, 02 Jun 2008 14:19:01 GMT https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954943#M745077 gojericho0 2008-06-02T14:19:01Z https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954944#M745078 <HTML><HEAD></HEAD><BODY><P>Have you verify User Login Page content setting to include "Available Providers"?</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_pages.html#wp1095025" target="_blank">http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_pages.html#wp1095025</A></P></BODY></HTML> Wed, 11 Jun 2008 02:50:24 GMT https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954944#M745078 vinhtran427 2008-06-11T02:50:24Z https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954945#M745079 <HTML><HEAD></HEAD><BODY><P>It worked. I was missing the VLAN mapping.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_auth.html#wp1158789" target="_blank">http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_auth.html#wp1158789</A></P><P></P></BODY></HTML> Wed, 11 Jun 2008 13:09:33 GMT https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954945#M745079 yprasannas 2008-06-11T13:09:33Z https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954946#M745080 <HTML><HEAD></HEAD><BODY><P>hello yprasannas...</P><P></P><P>We are having the same issue with AD SSO...Loging into the domain is ok, but we set the CCA Agent login/password screen as well...We also configured vlan mapping as well, but no luck...</P><P></P><P>I noticed vlan mapping fixed your issue, what other things did you do?</P><P></P><P>Thanks</P><P></P></BODY></HTML> Mon, 04 Aug 2008 17:15:08 GMT https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954946#M745080 mrSS 2008-08-04T17:15:08Z https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954947#M745081 <HTML><HEAD></HEAD><BODY><P>Are you running OOB Layer-3 with Real-IP gateway? Are you running 4.1.3? Are you using Certificate Authority? If the answer is yes to all. You may want to review this <A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/413/413rn.html#wp74768" target="_blank">http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/413/413rn.html#wp74768</A>. Be careful though, you may also need to apply an egress ACL to block trusted vlan from sending TCP-8910 to the FQDN of the OOB-CAS's Untrusted IP. Otherwise, the CCA agent may continue to send TCP-8910 to CAS and process SSO and refresh IP continuously(looping process).</P></BODY></HTML> Mon, 04 Aug 2008 22:19:42 GMT https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954947#M745081 vinhtran427 2008-08-04T22:19:42Z https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954948#M745082 <HTML><HEAD></HEAD><BODY><P>i answered yes to the first 2...not sure about the certificate authority...ill take a look at the link and update....thanks for the response</P></BODY></HTML> Tue, 05 Aug 2008 13:47:14 GMT https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954948#M745082 mrSS 2008-08-05T13:47:14Z https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954949#M745083 <HTML><HEAD></HEAD><BODY><P>I am having an issue with Windows Server 2008 Datacenter Core 2 64Bit and AD SSO.</P><P></P><P>I am getting the “Client not found in Kerberos database (6)” error I confirmed that the customer has the KB951191 hot fix.</P><P></P><P>TAC is saying it is not supported on Windows 2008 64Bit although their documentation says it IS supported with the new v4.7.1</P><P></P><P>Anyone else running 2008 64 with issues similar?</P></BODY></HTML> Tue, 01 Dec 2009 22:53:04 GMT https://community.cisco.com/t5/network-security/nac-adsso-doesn-t-work/m-p/954949#M745083 manfernandez 2009-12-01T22:53:04Z