i have successfuly run the KT pass in AD. then as per the procedure i have sync the AD with CAS & CAM after that when i am going to start AD service
Error : Could not start the SSO service. Please check the configuration. is comming.
Neither i have found the log file in cas
1. i have checked the connectivty between AD and CAS its fine
2. As per the document i have completed all the steps still not able to integrate AD with CAS
can any one help me out
Follow the exact requirement of AD DC:
For Example Win2k3 with SP1 is supported while it is not supported without SP1...
Also, make sure the ktpass has the minimum required version. if not download it from Microsoft.
Make sure you follow the right procedure for ktpass. The procedures in case you have multiple DCs is different then the one with single DC.
The reason I asked what OS your domain controllers are running is because you may need to run ktpass differently for CAS server to support authentication to 2k8. We certainly did. We were only able to use a single domain controller vs a domain for the "Account CAS on setting".
The procedures in case you have multiple DCs is different then the one with single DC.
Somewhere I heard that if you run KTPASS from the latest supported version of Windows Server in your domain, then the proper Kerberos mappings will replicate throughout. Your statement seems to contradict that; where did you find this information?
We are having a problem similar to the OP, where one of our two CAS servers is failing to start the SSO service. This after attempting to run the KTPASS routine to allow for Windows 7 support. I do believe GUI utility is called for in a situation like this.
You might check the time on the DC, the CAS, and the CAM. ADSSO uses kerberos, which requires the times on the devices to be synced. (I believe within 5 minutes of each other)
"Neither i have found the log file in cas
What version of Cisco NAC do you have installed? If NAC 4.5+, look for the log file at /perfigo/access/tomcat/logs/nac-server.log
The location od CAS log fines differes based on the version.
in 4.1.x its /perfigo/logs
in 4.5 and later its /perfigo/control/tomcat/logs/
Try to understand whats going on by reading the logs.
Also please make sure the time is synchronized on AD and CAS & CAM.
Just a point of clarity.
For 4.5+, the NAC Manager log files are at /perfigo/control/tomcat/logs and the NAC Server log files are at /perfigo/access/tomcat/logs.