02-08-2019 06:32 AM - edited 02-08-2019 06:41 AM
Hi,
We have ISE 2.2 patch 10.We use PAP mschapv2 dot1x user authentication. When clients try login to their new laptop coming from IT departmant they get the following error;
We can't sign you in with this credential because your domain isn't available.
How do we get over it?
Regards,
Solved! Go to Solution.
02-08-2019 08:12 AM
02-08-2019 07:05 AM
- You will probably have to verify your ise-policies. For starters check what is in the ISE auth log(s) for the corresponding authentication attempts.
M.
02-08-2019 08:12 AM
02-10-2019 08:38 AM - edited 02-10-2019 12:04 PM
02-08-2019 11:51 AM
Why are you allowing the laptop's to go to PEAP User mode authentication? If you are allowing Domain Users to authenticated you have a hole in your security design. Any user can bring in any device they want and user their AD credentials to attach to the network. If you don't have user based policies, configure only PEAP Computer Auth. If you have user policy requirements you should look to user EAP-TLS or NAM with EAP Chaining.
02-10-2019 10:38 AM
02-10-2019 02:15 AM
Hi,
Can i troubleshoot your problem using remote session.
My Details:
Muhammad Zunaid Bhuiyan
Email: zunaid.cse@gmail.com
Mobile: +880196240005
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide