Hello good people,
I am experiencing issues when trying to use Kerberos to authenticate my users.
First of all, I am using:
IC 6000, standalone, 2.2R4
Windows Server 2008 with AD as my authentication server
When using a simple LDAP bind to authenticate my users, no problem, everything works smoothly.
But, when trying to use Kerberos, it all goes wrong. Is there some kind of trouble between AD2008 and IC?
I am positive about the admin credentials I am providing to the IC (no 'domain\' before the username) and the IP address of the server (in the same subnet as the IC), but I still get an error like admin credentials are wrong, or the server is not a domain controller. I was able to add the IC to the domain once, that was when I provided the FQDN of the DC instead of the IP address, but I still had the same error when I hit the 'Test Configuration' button.
Thanks a lot,
Edit: It says in the documentation, in the part 'Multi-Domain User Authentication', that IC supports only Windows 2000 and Windows 2003. Although I only have one domain, does this part apply to my problem? Cause it could explain a lot of things :-D
Hey: Actually Windows 2008 is not supported in UAC 2.2R4. I missed the fact that you are using a Windows 2008 AD server. You need UAC 3.0R1 or later for this to work.
For Kerberos to work, the time difference between the AD server and the IC shouldn't be more than 2 mins (Microsoft enforces this).
Please make sure that the IC's and AD's time is in sync.
There is no more than 1 minute difference between those two devices. In fact they are using the same NTP server.
It works with the new 3.0 :-)
Did you have your user do 802.1x on the switch too, and the switch configured to do Kerberos? I'm dealing with a situation where the OAC client needs to do machine auth at the same time using 802.1x on the switches. I have configured the switch to be RADIUS and UAC is configured to receive the switch's RADIUS auth, but what's confusing me is: is the UAC going to do the conversion from 802.1x RADIUS to Kerberos to verify the AD's LDAP database for the machine name?
I would really appreciate it if you could tell me your experience.
I am sorry, the environment described in this thread does not use 802.1X, only layer 3 authentication.
You might want to create a new thread for your issue.