LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

August 2011

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS August 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: One step closer... (UNCLASSIFIED)
From:	Daniel T <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Fri, 26 Aug 2011 13:14:31 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (93 lines)

John's reply is worth investigating assuming you did the domain wide
(multi-DC) ktpass command. Also verify your ktpass version meets the
recommended version. About a year ago I had an issue where single
domain setup would work but multi-domain setup would fail. It was
found to be the ktpass version was old.

Regards,
/Daniel


On Fri, Aug 26, 2011 at 11:40 AM, Kyle Torkelson
<[log in to unmask]> wrote:
> Is there a group policy something like "Wait for Network on Computer Start up" or something that you could try?  Just curious...
>
> Kyle Torkelson
> University of Sioux Falls
>
>
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Allen, Richard D CW2 NG NG NGB
> Sent: Friday, August 26, 2011 12:43 PM
> To: [log in to unmask]
> Subject: Re: One step closer... (UNCLASSIFIED)
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> Yes - when doing the auth test it comes back correct. The strange part is
> that it is only from a cold boot. When I boot up it will not do SSO but if I
> simply log out and back in SSO performs correctly.
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Daniel T
> Sent: Friday, August 26, 2011 12:08 PM
> To: [log in to unmask]
> Subject: Re: One step closer... (UNCLASSIFIED)
>
> Richard,
> It sounds like it is only reading cached credentials to me. Do you get
> successful replies when you use "Auth Test".
> User Management -> Auth Servers -> Auth Test
>
> Then enter username with ADSSO as the provider. If that is not getting
> proper replies, you might need to use some LDAP tool to see what you are
> getting.
>
> Regards,
> /Daniel
>
> On Fri, Aug 26, 2011 at 9:39 AM, Allen, Richard D CW2 NG NG NGB
> <[log in to unmask]> wrote:
>> Classification: UNCLASSIFIED
>> Caveats: NONE
>>
>> After enabling NAT to allow certificate CRL validation I am able to
>> complete SSO with smart card. Except..
>>
>>
>>
>> From a complete cold boot SSO does not execute and instead I get the
>> agent login screen. If I don't log in to the agent and simply log out
>> and back into windows SSO processes me as expected. Any suggestions on
>> what may be happening?
>>
>>
>>
>> Richard Allen
>>
>> CW2, SC, TNARNG
>>
>> J6 JFHQ
>>
>> 3041 Sidco Drive
>>
>> Nashville, TN 37204
>>
>> Comm: 615-313-7522
>>
>> DSN 683-7522
>>
>>
>>
>> Classification: UNCLASSIFIED
>> Caveats: NONE
>>
>>
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU