NAC 4.7.2 OOB ADSSO win7

a.chernomazov · ‎07-16-2010

Hi,

I updated CAM and CAS servers to ver 4.7.2, in OOB mode on windows 7 don't work autorization whith ADSSO.

ktpass make by win 2008 r2

ver nacagent 4.7.2

Lauren Sullivan · ‎07-16-2010

If you configured KTPASS to use DES-only encryption, you will need to re-run it, as Windows 7 does not support DES encryption. Here's the instructions for that: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cas/s_adsso.html#wp1257882

Also, if your domain is operating at a 2003 functionality level, you may run into problems (CSCtg46056).

a.chernomazov · ‎07-18-2010

KTPASS configured to use - crypto all

AD mixed: 1) win 2008 r2

2) win 2003

in attach netastat cas (client ip 10.52.30.55)

user roles - traffic control - unauth role - allow all traffic.

Lauren Sullivan · ‎07-19-2010

So on the CAS, does the AD SSO process show as running? Is it just the Windows 7 users that are failing, and other users are passing fine? If so, it sounds like you are probably running into that bug if you're at 2003 functionality and are going against the 2008 server. There is a workaround included in the release notes, or you could run against AD SSO against a single 2003 server instead.