Cisco NAC AD SSO

sanjeev3090
Level 1

Hi,

I need help with configuring the CASUser account for NAC AD SSO in a multidomain environment.

We have two child domains (based on region), say A and B. We have created the casuser account in domain A. If a user from domain A logs in, everything works fine and they are authenticated.

But the problem starts if someone from domain B tries to log in: they are authenticated by AD (checked through kerbtray and net time \set; can't see a ticket for the casuser account), but the NAC agent keeps on prompting for username and password.

Domain: Windows 2003

Domain functional level: Windows 2000 native

Cisco NAC Agent: Version : 4.8.0.32

4 Replies

wkamil123
Level 1

Which domain is the master? Are the domains in sites A and B Windows 2000 native?

Do you configure kerbtray only on master domain?

Kamil

Hi Kamil,

Thanks for your response.

I guess you are asking about the ktpass command, as kerbtray is just a tool to display the ticket information.

Both A and B are child domains, as we don't have any user accounts in the root domain. The CAS user account was created in domain A (there are multiple DCs in both domain A and domain B), and we ran the ktpass command for the CASUSER account in domain A. Everything works fine for users created in domain A.

Our requirement is that when users in domain B are visiting domain A, they can be authenticated as well through NAC.

Hi Sanjeev,

I implemented Cisco NAC in a multi-domain environment and it worked fine until the customer added a third AD server on Windows 2008.

Have you verified that the created user CASUSER is visible in domain B?

The CASUSER, in my opinion, must be created in the root domain and will be broadcast to domains A and B.

Did you use LDAP user mapping to roles?

Have you tested creating a user in domain B and verifying it in site A? It's the simple test for what you want to do.

Which version of Cisco NAC have you got?

Kamil
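Kamil's suggestion to check whether CASUSER is visible from domain B can be made into a repeatable check run from a domain-B workstation. The following PowerShell is an added example, not code from this thread or from Cisco; the account name, domain names and DC names are placeholders for the poster's own values. It queries a DC in each child domain and the forest global catalog for the account and its registered SPNs, lists the Kerberos tickets the logged-on user currently holds (the same information kerbtray shows), and measures clock offset against a DC in each domain, since skew is a common reason a service ticket is never issued.

```powershell
# Added example, not from the original thread. Run from a workstation in domain B.
# Hypothetical names: service account 'casuser', child domains 'a.corp.example'
# and 'b.corp.example', and domain controllers 'dc1.<domain>'.
Import-Module ActiveDirectory

$casUser = 'casuser'
$domainA = 'a.corp.example'
$domainB = 'b.corp.example'

# 1. Ask a DC in each child domain whether it knows the account and which SPNs it carries.
#    The account living only in domain A is normal; what matters is that the SPN resolves
#    forest-wide so a domain-B client can request a ticket for it.
foreach ($dom in @($domainA, $domainB)) {
    try {
        $u = Get-ADUser -Server $dom -Filter "SamAccountName -eq '$casUser'" -Properties ServicePrincipalNames
        if ($u) {
            Write-Host "[$dom] found $($u.DistinguishedName)"
            Write-Host "[$dom] SPNs: $($u.ServicePrincipalNames -join ', ')"
        } else {
            Write-Host "[$dom] account '$casUser' not found in this domain"
        }
    } catch {
        Write-Warning "[$dom] lookup failed: $_"
    }
}

# 2. The global catalog (port 3268) holds a partial replica of every domain in the forest.
#    A hit here proves the account is published forest-wide even when the domain-B DC
#    in step 1 did not return it.
Get-ADUser -Server "${domainA}:3268" -Filter "SamAccountName -eq '$casUser'" -Properties UserPrincipalName |
    Select-Object SamAccountName, UserPrincipalName, DistinguishedName

# 3. Tickets held by the current logon session. Look for a service ticket whose
#    server name matches one of the SPNs printed in step 1; its absence is what the
#    original poster observed with kerbtray for domain-B users.
klist tickets

# 4. Kerberos rejects requests outside the permitted clock skew; compare this host's
#    clock against a DC in each domain.
w32tm /stripchart /computer:"dc1.$domainA" /samples:3 /dataonly
w32tm /stripchart /computer:"dc1.$domainB" /samples:3 /dataonly
```

If step 1 finds the account only in domain A but step 2 returns it from the global catalog, the account is visible forest-wide and the missing ticket in step 3 points at the SPN registration or the client's KDC referral path rather than at account visibility.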