That's been the same experience here. SSO is actually one of the few functions (praying I don't put a kuna hura on myself with this statement) of CCA that I haven't had to fight major battles with. Are you using a decent NST set up or are most of the clients managing their time settings themselves?
- Sean ---- Sean Hennessey Networking and Information Security Systems Administrator The University of Portland From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Evans Sent: Tuesday, July 15, 2008 5:54 AM To: [email protected] Subject: Re: SSO Working Intermittently? Sometimes we have machines that don't do SSO properly. I think 100% of the time it has been due to the time on the machine being more than 5 minutes out of sync with the domain controller. Kerberos requires the time to be within 5 minutes in order to work properly. Jeremy Wood wrote: Hey Justin, I have seen that too on our setup. We have 3 AD Controllers and use SSO for all of our faculty and staff members. Initially I used only a single controller to handle SSO requests but when this problem started to become more frequent I moved to a domain level SSO. This seems to have fixed most of the problems but every so often we have someone fallback to LDAP. The only thing that seems to be constant for us, in this regard, is inconsistency. I'm hoping that with the next release there are a number of little bug fixes like this that really hinder a seamless CCA experience. Jeremy Wood Norwich University
