NAC - Single sign-on?

KarthiAruISS
Level 1

Hi,

The present authentication process is a three-stage process, as follows:

1. The user logs in first by using the smart card (HID card and Navigo software). (All the Windows OS-based desktop PCs are equipped with USB smart card readers. The Navigo software checks the login database and in turn authenticates the user accordingly. Windows Active Directory is also present.)

2. Next the user has to type the desktop username and password to log in to the desktop.

3. Next the user has to type the NAC username and password to log in.

The Cisco NAC brochures also mention support for SSO (single sign-on). How can SSO be implemented in this scenario, i.e., logging in to NAC directly by just authenticating the smart card? Do let me know if additional details are required.

Thanks,

Karthi

1 Reply 1

Tarik Admani
VIP Alumni

Hi,

Single sign-on is performed by using Kerberos. Once the client connects to the KDC, it should pull a Kerberos ticket for the CAS service account. Then the NAC agent helps the Kerberos ticket exchange in order to authenticate the client.

However, all unauthenticated traffic must have access to all the single sign-on ports: SMB, LDAP, global catalog, etc. ISE is the way to go. Cisco is offering a discount for customers to migrate away from NAC. Let me know if you need help and I can hook you up.

Thanks,

Sent from Cisco Technical Support iPad App