04-20-2010
06:49 PM
- last edited on
02-21-2020
11:20 PM
by
cc_security_adm
Hello,
I have a question, can i integrate NAC 4.7.2 with AD 2K3 using client machine windows 7 to login with SSO?, I have this question, because I have client machines in windows 7 and I have integrated NAC 4.7.2 with AD 2K8 to SSO, but I havent raised funtional level from W2K3 to W2K8, but it works client machine WXP with SSO.
Any suggest?
Best Regards
04-21-2010 12:28 PM
Alvaro,
Raise the domain level to 2k8. That's the only supported method that works with SSO. More details here: http://bit.ly/471_SSO footnote 2.
HTH,
Faisal
04-21-2010 01:07 PM
Hello Faisal,
is it works AD2K3 + NAC 4.7.2 + Windows 7 client + SSO AD? i undertand that i have to enable DES encryption, but one time done that it is work?
Thank you
Alvaro
04-22-2010 03:17 PM
Alvaro,
Yes. That can work, but you have to create a new account and run ktpass on it differently. Make sure the KTPASS version is the one ending in 1830 and run it like this:
KTPASS.EXE -princ newadsso/[adserver.]domain.com@DOMAIN.COM -mapuser newadsso -pass
PasswordText -out c:\newadsso.keytab -ptype KRB5_NT_PRINCIPAL
More info: http://bit.ly/471_SSO
HTH,
Faisal
04-27-2010 12:48 AM
Hi all,
My client runs 3 AD in their environment with OS windows 2003. Now they plan to upgrade one AD to windows 2008,
but the "function level" is still windows 2003. When I ran ktpass in 2008, there will be some error messages appear.
I have tested NAC with pure windows 2008 and it works fine with AD SSO.
But some customer won't upgrade AD straight to pure wondows 2008 in case of some incompatible problems.
So is there any method to solve the environment with Server 2008 but function level is still Server 2003?
ps: According to the document "If the AD system is based on an upgrade from Windows Server 2003, you must raise the domain functionality to Windows Server 2008 level for Cisco NAC appliance to perform SSO on Windows 7 clients. Without this you will not be able to automatically login to the Cisco NAC Appliance network.", if the client's PC OS is XP, not windows 7, will it not be affected with AD SSO??
Thanks a lot!
Jet
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: