I'm testing NAC Appliance with AD SSO. The SSO seems to be OK. Anyway, users will be prompted with the agent login dialog if they don't log in to the AD. In addition, they can't pass the authentication even if they use the correct credentials. How can I discard this dialog? I'd like to force them to log in to the AD. Please advise.
Sorry, I misunderstood. Actually, there are 2 authentication servers. One is Kerberos and the other one is AD SSO. Both are pointed to the same domain controller. The reason I created the Kerberos one is to allow users to log in through web login to download the agent the first time. After that, AD SSO will be used for authenticating.
Anyway, the problem is that if the user (laptop) does not log in to the domain, the agent dialog will display and still allow the user to log in via Kerberos. I do not want it to behave like this. What can I do? Please advise.
If you only wish to allow AD logins, then AD SSO should be attempted first, which it sounds like it is. If for any reason SSO fails for a user, then you can configure an authentication server that uses Kerberos (AD) or LDAP. This can be the same server used for AD SSO, but it needs to be a separate authentication server which can be enabled for the user login page. The user login page can have the allowed options, which can include one or more auth servers.
The auth server options selected on the user login page are configurable to a specific VLAN or operating system, so it would be possible to have different auth servers selected for Windows and, say, Linux/Mac users, but for users that map to the same login page, both Web auth and agent-based users (including AD SSO users) will see the same auth server list.