Cisco ISE iPads Active Directory Integration

joeharb
Level 5

This might not be the appropriate place for this question, but I am hoping someone else has had a similar issue. We have our Cisco WLC and ISE integrated using our Active Directory for the Identity Store. I have created a profile for the iPads that has the Root CA for our internal Domain and I am able to deploy it without issue, and the user puts in their username/password and they are able to connect. The problem I am having is when the password is changed for the end user; for example, my password expired and I changed it using my Windows 7 laptop. Now the iPad has the old password stored and it will not let me connect. We are in the process of changing over from FreeRADIUS as our authentication method for Wireless, and when the same scenario occurs with the FreeRADIUS server the iPad will prompt for the password after it fails authentication. From what I could tell ISE didn't do this. We are using PEAP and from the setup I have found that on a PEAP connection failure for Authentication there is only reject. Does this mean that ISE will always reject the connection if invalid credentials are supplied?

I don't believe there is a way on the iPad to put in new credentials unless you "Forget" the network, and from what I can tell this is not possible if the network was installed with a profile; therefore the only option is to remove the profile. Now how does the end user get the profile if they have no connection to the network? Is there a way for ISE to see that the user is valid but the password isn't and prompt back to the iPad for the correct password?

Thanks,

Joe

2 Replies

Naveen Kumar
Level 4

In the authentication failed reports, if you check the details you can see the reason for the failed authentication.

I know why the authentication fails, the password stored on the iPad is not correct because the user has had to change the AD password due to expiration. Since this is a failed login and we are using PEAP, will ISE only reject the connection with no communication back to the supplicant/iPad?

Sent from Cisco Technical Support iPad App