Cisco Support Community
Community Member

AD SSO Problem in NAC

I have successfully run ktpass in AD. Then, as per the procedure, I have synced the AD with CAS & CAM. After that, when I am going to start the AD service,

Error : Could not start the SSO service. Please check the configuration. is coming.

Neither have I found the log file in CAS

/perfigo/logs/perfigo-redirect-log0.log.0.

1. I have checked the connectivity between AD and CAS; it's fine.

2. As per the document, I have completed all the steps, but I am still not able to integrate AD with CAS.

Can anyone help me out?

8 REPLIES
Community Member

Re: AD SSO Problem in NAC

Just wondering, are you using 2008 or 2003 domain controller(s)?

Community Member

Re: AD SSO Problem in NAC

Follow the exact requirement of AD DC:

For example, Win2k3 with SP1 is supported, while it is not supported without SP1...

Also, make sure the ktpass has the minimum required version. If not, download it from Microsoft.

Make sure you follow the right procedure for ktpass. The procedure in case you have multiple DCs is different than the one with a single DC.

Community Member

Re: AD SSO Problem in NAC

The reason I asked what OS your domain controllers are running is because you may need to run ktpass differently for CAS server to support authentication to 2k8. We certainly did. We were only able to use a single domain controller vs a domain for the "Account CAS on setting".

Community Member

Re: AD SSO Problem in NAC

"The procedure in case you have multiple DCs is different than the one with a single DC."

Somewhere I heard that if you run KTPASS from the latest supported version of Windows Server in your domain, then the proper Kerberos mappings will replicate throughout. Your statement seems to contradict that; where did you find this information?

We are having a problem similar to the OP, where one of our two CAS servers is failing to start the SSO service. This after attempting to run the KTPASS routine to allow for Windows 7 support. I do believe GUI utility is called for in a situation like this.

Community Member

Re: AD SSO Problem in NAC

You might check the time on the DC, the CAS, and the CAM. ADSSO uses Kerberos, which requires the times on the devices to be synced (I believe within 5 minutes of each other).

Re: AD SSO Problem in NAC

"Neither i have found the log file in cas

/perfigo/logs/perfigo-redirect-log0.log.0"

What version of Cisco NAC do you have installed? If NAC 4.5+, look for the log file at /perfigo/access/tomcat/logs/nac-server.log

-Dan Laden

Community Member

Re: AD SSO Problem in NAC

The location of CAS log files differs based on the version.

In 4.1.x it's /perfigo/logs

In 4.5 and later it's /perfigo/control/tomcat/logs/

Try to understand what's going on by reading the logs.

Also please make sure the time is synchronized on AD and CAS & CAM.

Re: AD SSO Problem in NAC

Just a point of clarity.

For 4.5+, the NAC Manager log files are at /perfigo/control/tomcat/logs and the NAC Server log files are at /perfigo/access/tomcat/logs.

-Dan Laden
