05-17-2010 11:59 PM - edited 03-09-2019 10:58 PM
Hi all,
now I need to configure ADsso. can anyone check the ktpass command and suggest me it is correct or not?
environment is here..
Number of DCs = 3
OS of DCs = windows 2008 standard (SP2)
AD domain functionality = Mixed mode with 2003
Domain name = laxman.com
Domain user name = ssouser
KTpass.exe version = 6.0.6003.28006
Command is here
=================
1. ktpass –princ ssouser/TestDc1.laxman.com@LAXMAN.COM -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB 5_NT_PRINCIPAL +DesOnly
2. ktpass –princ ssouser/TestDc2.laxman.com@LAXMAN.COM -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB5_NT_PRINCIPAL
+DesOnly
3. ktpass –princ ssouser/TestDc3.laxman.com@LAXMAN.COM -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB5_NT_PRINCIPAL
+DesOnly
Thank you
Solved! Go to Solution.
05-18-2010 02:31 AM
Hello,
I've been working on this a simillar case since a month!!
I don't want you to wate your time!
AD2008 Standard is not supported.....this is it!!
http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp103186
Cisco said it is not tested for 2008 standard, but beleive me, with this TAC case opened for a month, and no answer from the development team till now! You better try 2008 Enterprise.
I tried AD2008 Enterprise R2, and it works like magic!
Hope this will help.
Have a lovely day
05-18-2010 11:59 AM
Mahmoud is right. Certain versions of 2k8 are supported only.
List here: http://bit.ly/AD_SSO_Compatibility
HTH,
Faisal
05-18-2010 02:31 AM
Hello,
I've been working on this a simillar case since a month!!
I don't want you to wate your time!
AD2008 Standard is not supported.....this is it!!
http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp103186
Cisco said it is not tested for 2008 standard, but beleive me, with this TAC case opened for a month, and no answer from the development team till now! You better try 2008 Enterprise.
I tried AD2008 Enterprise R2, and it works like magic!
Hope this will help.
Have a lovely day
05-18-2010 11:59 AM
Mahmoud is right. Certain versions of 2k8 are supported only.
List here: http://bit.ly/AD_SSO_Compatibility
HTH,
Faisal
05-18-2010 04:25 PM
Hi Faisal,
Since we don't have any option to change the DC operating system, we have to enable sso in this environment, we have ACS aslo. so what solution do you suggest for us?
05-19-2010 07:22 PM
Laxman,
If you have any 2k3 servers, you can run ktpass against those and setup the CAS to do SSO against it.
HTH,
Faisal
05-20-2010 01:01 AM
Faisal,
We have windows 2003 standard server but this server is not domain controller its dedicated server for WCS but it is a member of domain. Can we use this server for ktpass? if yes, will it works on ktpass –princ ad_sso/test.com@TEST.COM or we need to user server name instead of ad_domain
e.g ktpass –princ ad_sso/wcs-server.test.com@TEST.COM.
Thank you
05-27-2010 09:34 PM
Hi Faisal,
Can you please look at this problem? I hope I'll get perfect solution from you.
Thank you.
05-18-2010 04:23 PM
hi Mahmoud,
thank you for your kind information. Its really helpful to me.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide