Not that I am aware of...

On 5/20/08 12:42 PM, "Jay Patel" <[EMAIL PROTECTED]> wrote:

> It truly is a beast. Are you using roaming profiles?
>
> ----
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[EMAIL PROTECTED] On Behalf Of Stempien, Dave
> Sent: Tuesday, May 20, 2008 12:29 PM
> To: [email protected]
> Subject: AD SSO - required open ports?
>
> Does anyone have a definitive list of the ports required to be open in the
> unauthenticated role for AD SSO to work? I've opened the following ports to
> our DCs per the suggestion of the Cisco documentation:
>
> TCP 88 - Kerberos
> TCP 135 - RPC
> TCP 389 - LDAP
> TCP 1025 - RPC
> TCP 1026 - RPC
>
> After doing some sniffing, I discovered that our DCs are also using UDP for
> Kerberos and LDAP, so I opened the following:
>
> UDP 88 - UDP-Kerberos
> UDP 389 - UDP-LDAP
>
> Also, per a previous suggestion by Cisco TAC, I also opened:
>
> TCP 445 - SMB
>
> Finally, ICMP and DNS are also allowed.
>
> Currently, my test machine won't even completely log into the domain, let
> alone perform SSO. It's stuck at "Applying computer settings..." If I
> completely disable my unauthenticated policy (except for ICMP and DNS), I
> can log into my test machine using cached credentials.
>
> Has anyone else beaten this beast and care to share your experiences?
>
> Thanks!
>
> --
> Dave Stempien, Network Security Engineer
> University of Rochester Medical Center
> Information Systems Division
> (585) 784-2427
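The troubleshooting step Dave describes (sniff the client, then see which DC-bound flows the unauthenticated role still drops) as an added example; this is not code from the thread or from Cisco. The DC addresses, the one-flow-per-line sniff format and the sniff lines themselves are constructed for the example; the allowlist is the one listed in the post.

```python
import re
from collections import Counter

# Unauthenticated-role allowlist from the post as (proto, port); DNS and ICMP
# are also allowed, and port None means "any port" for that protocol.
ALLOWED = {
    ("tcp", 88), ("tcp", 135), ("tcp", 389), ("tcp", 1025), ("tcp", 1026),
    ("udp", 88), ("udp", 389), ("tcp", 445),
    ("tcp", 53), ("udp", 53), ("icmp", None),
}

# Domain controllers (constructed addresses from the RFC 5737 test range).
DCS = {"192.0.2.10", "192.0.2.11"}

# Constructed sniff summary, one flow per line: "<proto> <src> <dst>[:<dport>]".
SNIFF = """\
tcp 198.51.100.7 192.0.2.10:88
udp 198.51.100.7 192.0.2.10:88
tcp 198.51.100.7 192.0.2.10:135
tcp 198.51.100.7 192.0.2.10:49155
udp 198.51.100.7 192.0.2.11:53
icmp 198.51.100.7 192.0.2.11
tcp 198.51.100.7 192.0.2.11:389
tcp 198.51.100.7 203.0.113.5:443
"""

FLOW_RE = re.compile(r"^(\w+)\s+(\S+)\s+([^:\s]+)(?::(\d+))?$")

def parse_flow(line):
    """Return (proto, src, dst, dport) or None for a malformed line."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    proto, src, dst, port = m.groups()
    return proto.lower(), src, dst, (int(port) if port else None)

def is_allowed(proto, dport, allowed=ALLOWED):
    # Exact (proto, port) match, or a protocol-wide rule such as ICMP.
    return (proto, dport) in allowed or (proto, None) in allowed

def blocked_dc_flows(sniff=SNIFF, dcs=DCS, allowed=ALLOWED):
    """Flows to a DC that the unauthenticated role would drop, with hit counts."""
    blocked = Counter()
    for line in sniff.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        proto, _src, dst, dport = flow
        if dst in dcs and not is_allowed(proto, dport, allowed):
            blocked[(proto, dst, dport)] += 1
    return blocked
```

In the constructed sniff the only dropped DC flow is TCP to a high port that the 1025/1026 entries do not cover, which is the kind of gap the sniffing step is meant to surface.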
