Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
317
Views
5
Helpful
3
Replies

Clean Access V4 Single Sign On

iwearing
Level 1
Level 1

‎06-30-2006 06:14 AM - edited ‎03-09-2019 03:27 PM

Has anybody upgraded to Cisco Clean Access version 4.0 and managed to implement AD SSO.

I have configured as per the documentation. However when I try to enable Agent based Windows SSO with AD Kerberos, I receive an error could not start the sso service.

The KTPass command ran successfully on the AD Server.

An Authentication Server Type of AD SSO has been configured on the CAM.

Regards

Ian.

Labels:
0 Helpful
3 Replies 3

JOSH GANT
Level 1
Level 1

‎07-06-2006 05:19 AM

Hi Ian,

Make sure that the time on the CCA Server and the domain controller where you ran ktpass are within 20 seconds on time.

If they skew much more than that kerberos doesn't like it.

r.babb
Level 1
Level 1

‎08-30-2006 08:23 AM

I have run into a problem getting the SSO service to start. In researching the problem I found this link which looks very suspicious as to the nature of the problem. I am actively working with Cisco to narrow down the problem.

http://forum.java.sun.com/thread.jspa?threadID=741727&messageID=4253013

0 Helpful

grant.maynard
Level 4
Level 4
In response to r.babb

‎08-31-2006 10:07 AM

In my experience of AD SSO joshgrant was spot on: if the CAM and DC get out of sync the SSO fails. Best to try to sync them off same time source.

0 Helpful
Customers Also Viewed These Support Documents