02-08-2019 06:32 AM - edited 02-08-2019 06:41 AM
Hi,
We have ISE 2.2 patch 10.We use PAP mschapv2 dot1x user authentication. When clients try login to their new laptop coming from IT departmant they get the following error;
We can't sign you in with this credential because your domain isn't available.
How do we get over it?
Regards,
Solved! Go to Solution.
02-08-2019 08:12 AM
02-08-2019 07:05 AM
- You will probably have to verify your ise-policies. For starters check what is in the ISE auth log(s) for the corresponding authentication attempts.
M.
02-08-2019 08:12 AM
02-10-2019 08:38 AM - edited 02-10-2019 12:04 PM
02-08-2019 11:51 AM
Why are you allowing the laptop's to go to PEAP User mode authentication? If you are allowing Domain Users to authenticated you have a hole in your security design. Any user can bring in any device they want and user their AD credentials to attach to the network. If you don't have user based policies, configure only PEAP Computer Auth. If you have user policy requirements you should look to user EAP-TLS or NAM with EAP Chaining.
02-10-2019 10:38 AM
02-10-2019 02:15 AM
Hi,
Can i troubleshoot your problem using remote session.
My Details:
Muhammad Zunaid Bhuiyan
Email: zunaid.cse@gmail.com
Mobile: +880196240005
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: