Cisco Support Community

Client NAC Windows 7 using SSO AD with Active Directory 2003/2008

Hello,

I have a question: can I integrate NAC 4.7.2 with AD 2K3 using a Windows 7 client machine to log in with SSO? I ask because I have Windows 7 client machines and I have integrated NAC 4.7.2 with AD 2K8 for SSO, but I haven't raised the functional level from W2K3 to W2K8. It does work with a WXP client machine with SSO.

Any suggestions?

Best Regards

4 REPLIES

Re: Client NAC Windows 7 using SSO AD with Active Directory 2003

Alvaro,

Raise the domain level to 2k8. That's the only supported method that works with SSO. More details here: http://bit.ly/471_SSO footnote 2.

HTH,

Faisal

Re: Client NAC Windows 7 using SSO AD with Active Directory 2003

Hello Faisal,

Does AD2K3 + NAC 4.7.2 + Windows 7 client + SSO AD work? I understand that I have to enable DES encryption, but once that is done, does it work?

Thank you

Alvaro

Re: Client NAC Windows 7 using SSO AD with Active Directory 2003

Alvaro,

Yes. That can work, but you have to create a new account and run ktpass on it differently. Make sure the KTPASS version is the one ending in 1830 and run it like this:

KTPASS.EXE -princ newadsso/[adserver.]domain.com@DOMAIN.COM -mapuser newadsso -pass PasswordText -out c:\newadsso.keytab -ptype KRB5_NT_PRINCIPAL

More info: http://bit.ly/471_SSO

HTH,
Faisal


Re: Client NAC Windows 7 using SSO AD with Active Directory 2003

Hi all,

My client runs 3 ADs in their environment on Windows 2003. Now they plan to upgrade one AD to Windows 2008, but the "function level" is still Windows 2003. When I ran ktpass in 2008, some error messages appeared.

I have tested NAC with pure windows 2008 and it works fine with AD SSO.

But some customers won't upgrade AD straight to pure Windows 2008 in case of incompatibility problems.

So is there any method to handle an environment with Server 2008 where the function level is still Server 2003?

PS: According to the document "If the AD system is based on an upgrade from Windows Server 2003, you must raise the domain functionality to Windows Server 2008 level for Cisco NAC appliance to perform SSO on Windows 7 clients. Without this you will not be able to automatically login to the Cisco NAC Appliance network.", if the client's PC OS is XP, not Windows 7, will it not be affected with AD SSO?

Thanks a lot!

Jet
