06-08-2017 07:43 PM
Dear Team,
Based on the documentation, Active Directory Integration with Cisco ISE 2.0 - Cisco,
Cisco ISE 2.x supports RODC, as in the statement below:
But I find in the mailer:
When using RODC, Cisco ISE has limitations such as:
- Join / Leave
- MSCHAP user authentication
- PAP user authentication with MSRPC
- Machine authentication
- User / machine Change password
The question:
When Cisco ISE can't join an RODC, how does Cisco ISE do "User Lookup" to be used in Cisco ISE policy configuration?
Is there any official documentation regarding this?
How should it be configured when the customer has an RODC but still wants to use the user/group/password database in the RODC for Cisco ISE policy?
06-08-2017 08:06 PM
To re-iterate the info discussed offline:
ISE needs to join a regular DC first, and an RODC can then be used as a backup DC for the supported operations.
If an RODC is in the site where ISE is joined, then ISE might attempt to use it during failover and be subject to the limitations.
If an RODC can provide LDAP services, then yes, ISE can use it as an LDAP ID store. Please note that ISE does not support MSCHAPv2 with LDAP so it has similar limitations to those cited for RODC.