05-13-2019 01:55 AM
Hello,
I am trying to create a Device admin policy for a Palo Alto Firewall. I want to look up the read only users in AD and admin users in the local database of the ISE.
Everything works fine when using PAP as an authentication protocol on the Palo.
When I switch to CHAP... which is preferred, the authentication and authorization from the local database is fine (the admins), but the one to the AD fails with the error: "22043 Current Identity Store does not support the authentication method; Skipping it - AD1".
In Allowed protocols all protocols are checked.
PAP/ASCII
CHAP
MSCHAPv1
Any idea why this is not working?
Regards
05-13-2019 05:21 AM
Please see the protocol/ID store support matrix; AD doesn't support EAP-MD5 and CHAP. Please use one of the supported protocols listed in the table for AD:
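Why the identity store matters for CHAP, as an added example that is not part of the original replies or of any Cisco or Palo Alto code: CHAP (RFC 1994) makes the verifier recompute MD5 over the identifier, the user's secret and the challenge, so a store that keeps only a one-way password hash can check PAP but has nothing to check CHAP against. The store classes, user names, passwords and the PBKDF2 stand-in hash are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class RecoverableStore:
    """Hypothetical store that can recover each user's password."""
    def __init__(self, users):
        self.users = dict(users)
    def check(self, method, user, cred):
        secret = self.users.get(user)
        if secret is None:
            return False
        if method == "PAP":
            return hmac.compare_digest(secret, cred)
        ident, challenge, response = cred  # CHAP: (identifier, challenge, response)
        return hmac.compare_digest(chap_response(ident, secret, challenge), response)

class HashOnlyStore:
    """Hypothetical store keeping only a salted one-way hash (PBKDF2 as a stand-in)."""
    def __init__(self, users):
        self.users = {}
        for name, pw in users.items():
            salt = os.urandom(16)
            self.users[name] = (salt, hashlib.pbkdf2_hmac("sha256", pw, salt, 10_000))
    def check(self, method, user, cred):
        if method != "PAP":
            # Nothing stored here can be fed into MD5(id || secret || challenge).
            raise NotImplementedError("store does not support " + method)
        if user not in self.users:
            return False
        salt, digest = self.users[user]
        return hmac.compare_digest(hashlib.pbkdf2_hmac("sha256", cred, salt, 10_000), digest)

def authenticate(stores, method, user, cred):
    """Try stores in order; skip any that cannot handle the method."""
    for name, store in stores:
        try:
            if store.check(method, user, cred):
                return name
        except NotImplementedError:
            continue  # comparable to the "Skipping it" step in the error above
    return None

# Constructed sample data: read-only user in the directory, admin in the local store.
STORES = [("directory", HashOnlyStore({"readonly1": b"Ro-Pass!"})),
          ("local", RecoverableStore({"admin1": b"Adm-Pass!"}))]
```

With PAP both users authenticate; with CHAP only the user in the recoverable store does, which matches the behaviour described in the question.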
05-13-2019 05:35 AM
Thanks. I have somehow missed that.
04-27-2024 11:42 AM
Could you please provide again the link? The one doesn't work anymore.
TIA