10-02-2012 02:02 AM - edited 03-12-2019 05:41 PM
Hi Guys,
I need to configure my Cisco NAC (ADSSO) with Windows Server 2008 R2 Enterprise (64). For now we only can ADSSO with Windows XP. Windows 7 still using normal authentication. We are using KTPass to authenticate with NAC server. We are using Windows 2008 at 2003 functional level.
Anyone can help me regarding this?
Best Regards,
Azfar
10-02-2012 08:57 AM
Azfar,
There are a few things that you need to check/perform when configuring ADSSO. First you must check that proper version of ktpass is installed on the machine you generate the kerberos ticket for the CAS service account (I recommend using a different account for this just so you can roll back, also you can not run ktpass successfully more than once for the same service account, please delete the account first, recreate the account and try again):
http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp228565
After this you need to follow the steps to generate the kerberos ticket:
Here is an example more specific to your environment:
Since you are running in a mixed environment you must enable additional algorithms:
If it fails, then purchase ISE.
Thanks,
Tarik Admani
*Please rate helpful posts*
10-02-2012 07:59 PM
Hi Tarik,
Thanks for your reply. Actually i have configure all of those. I already check the ktpass version and enable additional algorhythms. but Windows 7 still fail to authenticate using ADSSO. From cisco support guide says that we can running in mixed mode environment. what can we do to check why windows 7 still fail without purchase ISE?
.
10-02-2012 08:16 PM
You can install kerbtray to see if the kerberos ticket for the CAS service account is enabled.
Here is the ADSSO troubleshooting guide, also did you restart the services after adding the additional algorithms, can you paste the line that you modified in the starttomcat file?
Thanks,
Tarik Admani
*Please rate helpful posts*
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide