11-12-2019 07:26 AM - edited 11-12-2019 07:32 AM
CSCvh91118 implies (but doesn't explicitly state) that from ISE 2.4 patch 6, you can permanently enable the Disclose invalid usernames option. The pop-up help has also removed references about this option being limited to 30 minutes.
This option is not working however; RADIUS Live Logs still mask the invalid username, even when testing within ~5 minutes of enabling it. Unlike the previous behavior, the checkbox stays ticked after 30 minutes so that doesn't appear to be the problem.
Can anyone running ISE 2.4 patch7+ confirm whether the option works for them please?
CSCvo24097 doesn't appear to be at play as it appears CSCvo24097 is what drove the enhancement request that CSCvh91118 discusses.
11-12-2019 07:56 AM
I have two deployments right now that have this enabled. One is on 2.4 patch 9 and another on 2.4 patch 10. Both work correctly assuming I am looking at new authentications, it doesn't unmask old ones.
11-12-2019 09:53 AM
I assume you're using the AD connector?
It might be different with the LDAP connector I suspect.
11-12-2019 08:04 AM
If you are still having issues with this option, please contact the TAC to troubleshoot further.
-Regards,
Tim
11-12-2019 09:54 AM - edited 11-12-2019 09:55 AM
Thanks - can you confirm this is a known bug (with the LDAP connector at least)?
11-14-2019 01:57 AM
Does anyone have this working with the LDAP connector?
01-23-2020 01:49 AM
02-06-2020 01:35 AM
Hi, was there a bug ID? I am running 2.6 patch3 and still seeing the issue.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: