AD SSO Problem in NAC

pandapritam
Level 1

I have successfully run ktpass in AD. Then, as per the procedure, I synced the AD with the CAS & CAM. After that, when I go to start the AD service, this error comes up:

Error : Could not start the SSO service. Please check the configuration.

Nor have I found the log file in CAS:

/perfigo/logs/perfigo-redirect-log0.log.0.

1. I have checked the connectivity between AD and CAS; it's fine.

2. As per the document, I have completed all the steps, but I am still not able to integrate AD with CAS.

Can anyone help me out?

8 Replies

greg.washburn
Level 1

Just wondering, are you using 2008 or 2003 domain controller(s)?

jad.sadek
Level 1

Follow the exact requirement of AD DC:

For example, Win2k3 with SP1 is supported, while it is not supported without SP1...

Also, make sure ktpass has the minimum required version. If not, download it from Microsoft.

Make sure you follow the right procedure for ktpass. The procedure in case you have multiple DCs is different than the one with a single DC.

The reason I asked what OS your domain controllers are running is because you may need to run ktpass differently for CAS server to support authentication to 2k8. We certainly did. We were only able to use a single domain controller vs a domain for the "Account CAS on setting".

"The procedure in case you have multiple DCs is different than the one with a single DC."

Somewhere I heard that if you run KTPASS from the latest supported version of Windows Server in your domain, then the proper Kerberos mappings will replicate throughout. Your statement seems to contradict that; where did you find this information?

We are having a problem similar to the OP, where one of our two CAS servers is failing to start the SSO service. This is after attempting to run the KTPASS routine to allow for Windows 7 support. I do believe a GUI utility is called for in a situation like this.

jwjorgensen
Level 4

You might check the time on the DC, the CAS, and the CAM. ADSSO uses Kerberos, which requires the times on the devices to be synced (I believe within 5 minutes of each other).

Daniel Laden
Level 4

"Nor have I found the log file in CAS

/perfigo/logs/perfigo-redirect-log0.log.0"

What version of Cisco NAC do you have installed? If NAC 4.5+, look for the log file at /perfigo/access/tomcat/logs/nac-server.log

-Dan Laden

vishekha
Level 1

The location of CAS log files differs based on the version.

In 4.1.x it's /perfigo/logs

In 4.5 and later it's /perfigo/control/tomcat/logs/

Try to understand what's going on by reading the logs.

Also, please make sure the time is synchronized on AD and CAS & CAM.

Just a point of clarity.

For 4.5+, the NAC Manager log files are at /perfigo/control/tomcat/logs and the NAC Server log files are at /perfigo/access/tomcat/logs.

-Dan Laden
