- Cisco VPN interoperability with Active Directory
- Posted by AdvanceCo Inc \(www.advancecoinc.com\) on February 25th, 2004
I have recently found run into a Kerberos/Active
Directory issue that limits compatibility with Cisco 3000
series VPN's. The issue revolves around the sidHistory
attribute in the Active Directory. In short if this
attribute is present and the value is greater than 3
groups the authentication fails. The value is present
because of migrations from NT4 to 2003 using the ADMT v2
tool. Place great care in migrating user who will become
members of nested groups or multiple groups. The
migrated users sidHistory increase with the tokengroup
attribute.
- Posted by Evan Erwee [MVP] on February 25th, 2004
Thanx ...
"AdvanceCo Inc (www.advancecoinc.com)" <anonymous@discussions.microsoft.com>
wrote in message news:13f501c3fbb0$c6d1a5f0$a401280a@phx.gbl...
Similar Posts
- Active Directory, Cisco ACS 3.3, and RSA ACE Secure ID (Routers) by setiawani@gmail.com
- Active Directory users on Cisco PIX (Routers) by Diego Fernández
- Using Cisco PIX with Active Directory & VPN (Routers) by Steve Baker
- Cisco Networking Services for Active Directory (CNS/AD) (Routers) by JohnNews
- Cisco Secure ACS v3.2.1 & Active Directory (Routers) by Thomas Kuborn
