ISE 3.0 TEAP with AD Security

Maurice Ball
Level 3

Is it possible to set up a Cisco ISE authorization policy that uses TEAP chaining in combination with an Active Directory security group?

3 Replies

rschlayer
Level 4

Hi @Maurice Ball,
could you please clarify what exactly you want to achieve?

When using TEAP (EAP-Chaining), you can use the user information to retrieve the groups and build an authorization policy for it.

Please check this bug, as it might affect you: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt18613

BR
Rick

I am trying to configure my ISE policies to use TEAP with EAP-TLS as the inner method on Windows 10 computers.

It works fine if I use MSCHAPv2 as the inner method, but if I use EAP-TLS, I am hitting the same bug as listed below.

Note: My ISE version is 3.0 with patch 2 installed.

 

CSCvt18613: AuthZ Conditions with AD Groups Not matched for TEAP - EAP-Chaining

Description
Symptom:
Authorization rules conditioning on AD groups not matched.

Conditions:
TEAP with EAP Chaining Enabled
Either computer or user auth with the inner method MSCHAPv2
Expecting to hit AD group conditions

Workaround:
N/A

Further Problem Description

It should definitely work, in my opinion.

If you can, please open a TAC case.

BR
Rick
