Hi dears

I have a domain network with Windows Server 2003 and my clients have Windows XP or 7;

I want the network authentication be through my NAC appliance (.1X).

I add the NAC server to the NAC manager; enable active directory service on NAC manager and run my active directory; but I think the network authenticates on my domain instead of NAC appliance.

When I login with my User on my domain authentication run on my AD and then I open a browser and enter https://<CAS IP>/auth/perfigo_weblogin.jsp a page appears that I can enter my Username and Password (Cisco Clean Access Authentication). When I enter a Username that I made in my active directory before this error appears:

Network Error:

Clean Access Server could not establish a secure connection to Clean Access Manager at 192.168.1.100.
This could be due to one or more of the following reasons: 1) Clean Access Manager certificate has expired 2) Clean Access Manager certificate cannot be trusted or 3) Clean Access Manager cannot be reached.
Please report this to your network administrator.

Then I download and install CCAgent on one of my clients manually for test my network; I restart my client machine (Win XP) and login with my active directory User and Pass, when the system comes up nothing happen, the Cisco NAC Agent login button is disable, I mean it seem to login itself before and I cannot do anything.

First I want to know If this topology is correct or not?!

And what should I do until my authentication perform on my NAC appliance but get Users and Policies from my AD?