11-05-2018 12:18 AM
Hello ,
We have a Cisco ISE deployment with 2 PANs and 4 PSNs .
We have AD Integration with 3 AD that are not two-way trust , they have no trust or one-way trust between them .
We have an auth policy that have the condition of was-machine-authenticated and checks the user to belong to
one of the selected domains.
We start getting errors of Deny Access ,
We notice that the machine is authenticated and user is authenticated but we get the below log :
"User name change detected for the session. Attributes for the session will be removed from the cache"
"AD-Error-Details - Domain trust is one-way "
It seems that something is done and the ise close the session with Deny Access .
Is anyone has similar problem and knows about solution ?
Thank You ,
Palaiologos
Solved! Go to Solution.
11-05-2018 03:15 AM
Hello ,
The problem was found finally ,
We have no authorization rule matched so we searched on our policy and found that we didn t match anywhere the user so we build new rule and everything was ok .
Thanks .
11-05-2018 03:15 AM
Hello ,
The problem was found finally ,
We have no authorization rule matched so we searched on our policy and found that we didn t match anywhere the user so we build new rule and everything was ok .
Thanks .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide