How to add more AD attributes to the live logs

Aleksandr Serov
Level 1

Hello,

Please suggest how to add more AD attributes to the RADIUS live logs. We use ISE 2.3 for 802.1x authentication through Active Directory. Earlier I saw a lot of AD attributes in the live logs, for example "memberOf" fields, and they helped a lot to tune policy sets. But then something happened and now the logs show only a short set of attributes.

Is there any documentation on how to get and use all available attributes from Active Directory?

Thank you in advance

2 Accepted Solutions

Accepted Solutions

yalbikaw
Cisco Employee

Hello Aleksandr,

Now the attributes are retrieved from AD. What I can advise you to do is the below:

Go to Administration > External Identity Source > Active Directory.

Click on the join point; there is a section called attributes.

Click on it, then select retrieve attributes from Active Directory.

Put in any user and click on retrieve; it will collect all the available attributes. Add what you need, then you can use it in a policy set.

Did you use them in a condition? Or do you just want to see them in the logs? We don't usually control the logs, only the collection filter, but part of the report we don't.

In case of difficulties on this matter, as suggested, a TAC case will be good. However, if you want to see what we retrieve for a specific user:

Go to the AD tab and test the user there for lookup; there will be an attribute section, and it will contain everything.

6 Replies

ldanny
Cisco Employee

What Authentication method are you using?

Can you send a snapshot of the attributes you are seeing, and name or show the attributes you are not seeing?

Hello @ldanny, thank you for the response.

We use the dot1x authentication method. I want to see the "memberOf" attribute in the RADIUS Live Logs, but it is absent here.

Hello @yalbikaw, thank you for the response and valuable information. I did not know how to manage attributes.

I selected all the attributes I want to see in the logs, but they are still not included in the live log.

If you're not seeing the attribute after adding it from AD, I suggest you contact TAC for further troubleshooting.