11-17-2003 09:18 AM - edited 02-21-2020 12:52 PM
I would like to create a single sign-on for my users. Currently they authenticate to the VPN and then to individual servers within the domain. I would like to have just one logon. I have a Pix 515 which terminates VPNs from clients using Cisco Client 4.0. I authenticated users through MS IAS (radius) to the MS active directory. After users have logged into the VPN, they then have to logon to each server with a username@domain.com logon. As always, any advise you can give is greatly appreciated.
11-17-2003 10:36 AM
Are they connecting from machines that are members of the domain?
11-17-2003 10:44 AM
Some are machines members, some machines are not members, some users are probalby loggin on locally.
11-18-2003 08:00 AM
The problem here is one of Microsoft not Cisco. Non domain member machines will have to logon at each and every new machine they connect to over the tunnel.
Some of this can be alleviated by having your users connect to an internal web portal.
12-09-2003 10:59 AM
I was wondering if you came up with a solution to this annoying problem (besides using Cisco's ACS server)?
Thanks for your help.
Thuan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: