Cisco NAC Appliance 4.1.0
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 8 Configuring Active Directory Single Sign-On (AD SSO)
AD SSO Configuration Step Summary
sales.name.domain.com can log into any AD server in the domain. In addition, the ktpass command (described in ) only needs to be executed on the kdc1.sales.name.domain.com server.
Figure 8-2
Configuring the CAS User Account on the AD Server
AD SSO Configuration Step Summary
Administrators should start with a good understanding of their network layout with respect to their AD servers prior to configuring Active Directory SSO.
Configuration Prerequisites
To configure Active Directory SSO, you will need to have the following:
• The number of AD servers (domain controllers) to be configured. Typically, the CAS will correspond to one AD server.
• Ensure you obtain and install the most current version of ktpass.exe.
• The Windows 2000 or Windows 2003 server installation CD for the AD server. This is needed to install support tools for the ktpass command. The ktpass command is required to be run only on the AD server (domain controller) to which the CAS is logging in.
[Figure: AD domain diagram. Labels: root domain name.domain.com (superuser); sales.name.domain.com with AD domain server (domain controller) kdc1.sales.name.domain.com, 10.201.152.11, AD domain servers kdc2 and kdc3, and users sales.user.01 to sales.user.150; eng.name.domain.com with AD domain server (domain controller) kdc.eng.name.domain.com, 10.201.152.12, and users eng.user.01 to eng.user.100; Clean Access Server layer.]