09-06-2010 04:08 AM - edited 02-21-2020 04:04 AM
Hello,
I am trying to configure NAC OOB SSO with AD. The software on my CAS and CAM is 4.7(2)
and my AD is Windows Server 2008.
I have some information that with this version of NAC software (4.7.2) I do not need to run ktpass
on AD server. Is this true? Because I didn't find that kind of information in any manual.
So do I need to run ktpass and if I do, what version should I use?
Thanks
09-07-2010 12:12 PM
Zoran,
Check this link. Even though it says it's for 4.8, it works with 4.7.2 also:
HTH,
Faisal
09-08-2010 02:27 PM
Faisal,
thank you very much. I did configure it as it says in the document and it is working.
But I have another thing that worries me. Why is it (and is it) necessary to select
"Use Kerberos DES encryption types for this account" under my CAS username when
it also says in the section about Windows 7 that I can Enable Additional Algorithms on Existing AD Servers?
But it explains only doing it with ktpass. Why can't I just enable other algorithms over ldp?
To be honest, I am worried about this DES encryption because it is something my internal control doesn't like.
And I don't know in which step of Kerberos authentication (in NAC AD SSO) the DES algorithm is used: between
client and AD, or just client and CAS?
So is there a way to avoid DES totally, and if not, could you at least tell me in which phase of the auth. process it is
used so I can see if it is acceptable because of internal control?
Thanks once again,
Zoran
09-09-2010 03:30 AM
Zoran,
Under the user properties, if you uncheck "Use DES encryption...." it will allow all encryption types. You can verify that it is not using DES by doing a packet capture between the CAS and the DC.
HTH,
Faisal
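
One way to carry out the check suggested in the last reply, as an added example that is not part of the original thread: it reads Kerberos message types and etypes exported from a CAS-to-DC capture, separates DES that was only offered in a request from DES that was actually applied in a reply, and tests the account's `userAccountControl` for the DES-only bit. The tshark export layout, the sample rows and the function names are assumptions constructed for illustration.

```python
# Added example; the rows below are constructed, not taken from a real capture.
# Assumed export layout (tab-separated: frame, message type, etype list):
#   tshark -r cas_dc.pcap -Y kerberos -T fields \
#     -e frame.number -e kerberos.msg_type -e kerberos.etype
DES_ETYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5"}
MSG_TYPES = {10: "AS-REQ", 11: "AS-REP", 12: "TGS-REQ",
             13: "TGS-REP", 14: "AP-REQ", 15: "AP-REP"}
# Simplification: replies and AP-REQ carry data that was really encrypted with
# the listed etype; AS-REQ/TGS-REQ are treated as the client's offer list.
APPLIED = {11, 13, 14, 15}
# userAccountControl bit set by "Use Kerberos DES encryption types for this account"
UF_USE_DES_KEY_ONLY = 0x200000

SAMPLE_ROWS = "\n".join([
    "12\t10\t18,17,23,3,1",  # AS-REQ: client offers AES, RC4 and DES
    "13\t11\t3,3",           # AS-REP: ticket and reply encrypted with DES
    "40\t10\t18,17,23",      # AS-REQ after the account change: no DES offered
    "41\t11\t18,18",         # AS-REP: AES256 only
])


def find_des(rows):
    """Return (frame, message, etype, 'used'|'offered') for every DES etype seen."""
    findings = []
    for line in rows.strip().splitlines():
        frame, msg_type, etypes = line.split("\t")
        kind = int(msg_type.split(",")[0])  # outermost message type
        role = "used" if kind in APPLIED else "offered"
        for etype in sorted({int(e) for e in etypes.split(",") if e}):
            if etype in DES_ETYPES:
                findings.append((int(frame), MSG_TYPES.get(kind, str(kind)),
                                 DES_ETYPES[etype], role))
    return findings


def account_forces_des(user_account_control):
    """True when the AD account is restricted to DES keys."""
    return bool(user_account_control & UF_USE_DES_KEY_ONLY)


if __name__ == "__main__":
    for finding in find_des(SAMPLE_ROWS):
        print(finding)
    print("DES-only account:", account_forces_des(0x200200))
```

A finding marked `used` means a ticket or reply on the wire was protected with DES; `offered` only means the client still lists DES among its acceptable etypes.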