
AD users failing to authenticate on Cisco ISE

adityanayak14
Level 1
Hi all,
 
Recently I've been facing an issue in my environment whereby accounts from Active Directory fail to authenticate on Cisco switches. Logs in Cisco ISE (TACACS > Live logs) show that the selected shell profile is "Deny Access". However, according to my policy set configuration, I feel it should be going to a different shell profile ("Cisco Read Write").
 
TACACS live logs also show that the user is found in our AD so I'm unsure why the authentication is failing. Any help in resolving this issue and enabling AD logins on network devices would be appreciated. I have attached pictures of my device admin policy set and TACACS live logs for clarity.
 
Cheers
2 Replies

Check deployment and license

- Admin > System > Deployment

Enable device admin service

- Admin > System > Licensing

Device admin

MHM

Not enough information here to help, unfortunately. But something is not matching your configured authorization rules. Your AD authentication is successful. My guess is the AD Group is not matching.