We have ISE 2.2 patch 10.We use PAP mschapv2 dot1x user authentication. When clients try login to their new laptop coming from IT departmant they get the following error;
We can't sign you in with this credential because your domain isn't available.
How do we get over it?
Solved! Go to Solution.
- You will probably have to verify your ise-policies. For starters check what is in the ISE auth log(s) for the corresponding authentication attempts.
Why are you allowing the laptop's to go to PEAP User mode authentication? If you are allowing Domain Users to authenticated you have a hole in your security design. Any user can bring in any device they want and user their AD credentials to attach to the network. If you don't have user based policies, configure only PEAP Computer Auth. If you have user policy requirements you should look to user EAP-TLS or NAM with EAP Chaining.