Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1952
Views
0
Helpful
1
Replies

User Authentication Failed but Machine succeeded cisco ISE 2.7

Tutu
Level 1
Level 1

‎03-24-2021 10:43 AM - edited ‎03-24-2021 10:48 AM

Hello All,

 

Today after a month of using ISE my users were not able to authenticate but machine authentication succeeded.

 

Please help.

 

This is the error i got from the live logs

 

Issued PAC type=Machine Authorization with expiration time: Wed Mar 24 20:12:17 2021

 

Can someone tell me what this means ?

Labels:
Preview file
11 KB
0 Helpful
1 Reply 1

ppreenja
Cisco Employee
Cisco Employee

‎03-25-2021 09:52 PM - edited ‎03-25-2021 09:52 PM

Hello Tutu,

 

It seems that authorization conditions are not matching as expected.

You might be using host/machine-name as a condition which won't work when authenticating with certificates.

It is expected for EAP-TLS to have the username as host/anonymous since the identity is not yet protected.

I would suggest using the certificate attributes instead and hopefully, that should resolve the issue.

 

If you are still facing the issue, I would request you to post in the below community channel:

 

https://community.cisco.com/t5/network-access-control/bd-p/discussions-network-access-control 

 

Cheers,

Pratham

 

 

0 Helpful
Customers Also Viewed These Support Documents