topic Re: Client Authenticating Incorrectly in ISE 2.4 in Network Access Control

Client Authenticating Incorrectly in ISE 2.4

Alex Pfeil — Mon, 21 May 2018 20:50:18 GMT

We just upgraded to ISE 2.4 from 2.3. A client computer is authenticating with computer credentials. It shows up as USERNAME/USERNAME. The authentication fails.

I thought I would share this to see if anyone is having the same issue. I also have a TAC case open so I can provide an update from there as well.

Thanks,

Alex

Re: Client Authenticating Incorrectly in ISE 2.4

hslai — Mon, 21 May 2018 23:38:40 GMT

ISE 2.4 is masking out invalid usernames. To see them, please use the option [ ] Disclose invalid usernames.

Re: Client Authenticating Incorrectly in ISE 2.4

Alex Pfeil — Tue, 22 May 2018 16:47:35 GMT

Is this something that is usually corrected with Identity Rewrite, driver issue, etc.?

Re: Client Authenticating Incorrectly in ISE 2.4

hslai — Tue, 22 May 2018 16:55:41 GMT

I believe the reason we are suppressing such user names is that the end users accidentally put their passwords as the usernames some times.

CSCvh91118 is an enhancement filed during ISE 2.4 beta to make the option more flexible. I just added the release notes enclosure so it would take a couple of days of Cisco internal review before becoming external visible.

Re: Client Authenticating Incorrectly in ISE 2.4

Alex Pfeil — Tue, 22 May 2018 16:57:07 GMT

In this case, it would be a host. Can you comment on host authentications?

Re: Client Authenticating Incorrectly in ISE 2.4

hslai — Tue, 22 May 2018 17:05:43 GMT

Please use the option to disclose the real host subject for 30 minutes and then update ISE configurations accordingly.