04-26-2023 12:05 AM
I'm trying to implement MFA for TACACS+ device administration. I integrated with NPS using a RADIUS token as an External Identity source and created an identity source sequence where the RADIUS token is 1st and the original AD authentication is 2nd.
I increased the TACACS timeout on the device and the RADIUS token so no timeout accurs.
The MFA gets to the mobile device and the MFA works as expected except it doesn't get to the authorization part of the policy.
From a log perspective everything looks fine except for:
24100 Some of the expected attributes are not found on the subject record. The default values, if configured, will be used for these attributes
How do I go about fixing this? I read somewhere that the attribute value might be empty. I also don't get any clear articles or guides on how to implement MFA.
Solved! Go to Solution.
04-29-2023 06:30 AM
Hi @ferdie.leroux1 ,
as a reference try the Duo MFA Integration with ISE for TACACS+ Device Administration with Microsoft Active Directory Users.
Hope this helps !!!
04-29-2023 06:30 AM
Hi @ferdie.leroux1 ,
as a reference try the Duo MFA Integration with ISE for TACACS+ Device Administration with Microsoft Active Directory Users.
Hope this helps !!!
04-11-2024 10:52 PM
Hey @Marcelo Morais when will it possible to use Azure AD as an identity source for device admin policy in ISE? wanting to leverage our existing Azure MFA for privileged users
05-24-2024 06:42 AM
@ferdie.leroux1 can you share the deployment guide for NPS-EntraID connection? (not the deployment of the NPS Extension but the config piece on EntraID)
I've everything on the ISE side configure as in the DUO example from @Marcelo Morais, and ISE is setup as "Remote RADIUS Server Group" on NPS, plus NPS has "Connections to Microsoft Routing and Remote Access server" policy enabled, but something is failing between NPS and EntraID.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide