https://community.cisco.com/t5/network-access-control/ise-not-able-to-authenticate-computer-and-users-using-ldap/m-p/3371887#M549173 <P>Hi,</P> <P>Can you provide a screenshot of your authentication and authorisation policy please?</P> <P>Can you provide a screenshot of the failed authentication?</P> <P>&nbsp;</P> <P>In regard to your statement using Smart Card or other Certificate, this requires a User and/or Computer certificate on all of the computers, in addition to the Server certificate you've configured on ISE.</P> <P>&nbsp;</P> <P>Why can you not fetch groups from AD? Once you've created an External Identity Source for AD, you just need to go to the groups tab and select the groups you want. Or is there a communications error? Perhaps take a screenshot and upload here?</P> <P>&nbsp;</P> <P>HTH</P> Tue, 24 Apr 2018 13:31:40 GMT Rob Ingram 2018-04-24T13:31:40Z https://community.cisco.com/t5/network-access-control/ise-not-able-to-authenticate-computer-and-users-using-ldap/m-p/3371404#M549170 <P><STRONG>Current Setup:</STRONG></P> <P><STRONG>LDAP</STRONG> as Identity stores for both domain computers and users.</P> <P><STRONG>PEAP-TLS or EAP-TLS </STRONG>as authentication method</P> <P>&nbsp;</P> <P><STRONG>Below the configuration of the computer LAN:</STRONG><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.JPG" style="width: 596px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/10849i99B7D108EABA5DDF/image-size/large?v=v2&amp;px=999" role="button" title="Capture.JPG" alt="Capture.JPG" /></span>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Only below the available method for authentication:</STRONG></P> <P>&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.JPG2.JPG" style="width: 225px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/10850iE1A08BF526229477/image-size/large?v=v2&amp;px=999" role="button" title="Capture.JPG2.JPG" alt="Capture.JPG2.JPG" /></span></P> <P>&nbsp;</P> <P>I tried the first method ( Smart Card or other Certificate) but getting prompt " need certificate" on the test computer. Take note that&nbsp; I have the root cert of the server and also the&nbsp;CSR from ISE&nbsp; binded with the server. In short, i have all the required certificate on the ISE.</P> <P>&nbsp;</P> <P>When I used the 2nd method, I getting below error:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.JPG3.JPG" style="width: 572px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/10851i09D770B5013EFF62/image-size/large?v=v2&amp;px=999" role="button" title="Capture.JPG3.JPG" alt="Capture.JPG3.JPG" /></span></P> <P>&nbsp;</P> <P>I have successfully integrated the ISE to LDAP as I able to fetch the groups from the LDAP and used in the Policy.</P> <P>&nbsp;</P> <P>Why ISE not able to locate my username?&nbsp;</P> <P>Is there compatibility between LDAP and the authentication that I have used?</P> <P>&nbsp;</P> <P>I cant used the AD as I am not able to fetch the groups/users from AD that's why we used LDAP.</P> <P>Its already a couple of days looking for exact setup but always found most of them using AD as Identity Store.</P> <P>&nbsp;</P> <P>All I need is same setup, LDAP as server and what needs to configure on the computer LAN connection,</P> <P>&nbsp;</P> <P>Thank you in advance.</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 21 Feb 2020 18:54:15 GMT https://community.cisco.com/t5/network-access-control/ise-not-able-to-authenticate-computer-and-users-using-ldap/m-p/3371404#M549170 ecejhe-old 2020-02-21T18:54:15Z https://community.cisco.com/t5/network-access-control/ise-not-able-to-authenticate-computer-and-users-using-ldap/m-p/3371887#M549173 <P>Hi,</P> <P>Can you provide a screenshot of your authentication and authorisation policy please?</P> <P>Can you provide a screenshot of the failed authentication?</P> <P>&nbsp;</P> <P>In regard to your statement using Smart Card or other Certificate, this requires a User and/or Computer certificate on all of the computers, in addition to the Server certificate you've configured on ISE.</P> <P>&nbsp;</P> <P>Why can you not fetch groups from AD? Once you've created an External Identity Source for AD, you just need to go to the groups tab and select the groups you want. Or is there a communications error? Perhaps take a screenshot and upload here?</P> <P>&nbsp;</P> <P>HTH</P> Tue, 24 Apr 2018 13:31:40 GMT https://community.cisco.com/t5/network-access-control/ise-not-able-to-authenticate-computer-and-users-using-ldap/m-p/3371887#M549173 Rob Ingram 2018-04-24T13:31:40Z https://community.cisco.com/t5/network-access-control/ise-not-able-to-authenticate-computer-and-users-using-ldap/m-p/3372431#M549176 <P>Thank <STRONG>RJI</STRONG>. I tried to rejoin the AD one more time but still not able to fetch the groups from AD.&nbsp;</P> <P>I tried to test user from ISE and it was successful. Then, from the result I found the directory group and manually search it. That time, I was able to fetch the exact group that I was trying&nbsp; to fetch.&nbsp;</P> <P>Now, my policy in ISE&nbsp; is working fine and will just conduct more test.</P> <P>&nbsp;</P> <P>I just wondering why I cant fetch groups using "&nbsp;<STRONG>*&nbsp; "</STRONG></P> <P>&nbsp;</P> <P><STRONG>Thank you so much.</STRONG></P> Wed, 25 Apr 2018 05:54:17 GMT https://community.cisco.com/t5/network-access-control/ise-not-able-to-authenticate-computer-and-users-using-ldap/m-p/3372431#M549176 ecejhe-old 2018-04-25T05:54:17Z