Cisco ise 3.0 can join Active directory but Tried to test user it fail

alexander kobayashi · ‎07-07-2022

Hi All

I try to test user and password from ISE to AD but it show authentication result fail

but I can join Cisco ISE and AD and i can see all group user on AD from Cisco

Cisco ISE and AD can communicate with name can ping with name work and NTP is correct

try to Diag it all work correct

balaji.bandi · ‎07-07-2022

what you see on the Logs : ( ISE side and AD side ?)

some troubleshoot tips :

https://community.cisco.com/t5/security-documents/how-to-troubleshoot-ise-failed-authentications-amp/ta-p/3630960

https://www.cisco.com/c/en/us/td/docs/security/ise/1-0/troubleshooting_guide/ise10_tsg.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

alexander kobayashi · ‎07-07-2022

on ISE I see Message about User not found on AD but I recheck on AD it have user and can use with another device like ACS can use this user for authen but On cisco ISE i can't find this user from cisco ise

Aref Alsouqi · ‎07-07-2022

A couple of things I would check are:

a) Check the status of the domain controllers in Administration > External Identity Sources > Active Directory.

b) Check that all the required domains are set with YES under the Allowed Domains tab.

c) Enable the invalid usernames disclosure under Administration > System >L Security Settings, this will help you to see the actual username on the authentication failure log.