Lauren Sullivan Fri, 07/16/2010 - 05:58
User Badges:

If you configured KTPASS to use DES-only encryption, you will need to re-run it, as Windows 7 does not support DES encryption.  Here's the instructions for that: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cas/s_adsso.html#wp1257882


Also, if your domain is operating at a 2003 functionality level, you may run into problems (CSCtg46056).

a.chernomazov Sun, 07/18/2010 - 20:45
User Badges:

KTPASS configured to use - crypto all


AD mixed: 1) win 2008 r2

                2) win 2003


in attach netastat cas (client ip 10.52.30.55)


user roles - traffic control - unauth role - allow all traffic.

Attachment: 
Lauren Sullivan Mon, 07/19/2010 - 07:24
User Badges:

So on the CAS, does the AD SSO process show as running?  Is it just the Windows 7 users that are failing, and other users are passing fine?  If so, it sounds like you are probably running into that bug if you're at 2003 functionality and are going against the 2008 server.  There is a workaround included in the release notes, or you could run against AD SSO against a single 2003 server instead.

Actions

This Discussion