I have that configured per the link you provided.

I'm still recieving the following error, "Sponsor authentication has failed :  Sponsorgroup not found for user"

I have an authorization policy setup however I don't think it's even making it that far.

Thanks,
Pete

Do you see in the authentiaction details which AD groups were retrieved?

One suggestion. I see that the name you have given to the AD store is AD_washcty.local. May be worth trying a name that does not include a '.' character

Does this screen cap help?  There is no Identity Group associated with the login request.

We've used 'AD_washcty.local' with all our other AD based authentication on ISE without issue.

Thanks again,

Pete

Pete,

That is interesting. Can you can post a screenshot of the "memberOf" section of this user account in Active Directory?

You can go to the AD settings in ISE to see which domain controller this ISE node is connected to. Also is this ISE node a standalone deployment?

Thanks,

Tarik Admani
*Please rate helpful posts*

Hi jrabinow

we have the same problem and I did have "local.dir" as AD identity store name. I changed this do something else without a dot (.), but it didn't work too.

Regards

Dominic

Hi Pete

offcourse, here we go:

Best regards

Dominic

Ok -  Under Settings->Sponsor->Authentication Source

What is the Identity Store Sequence set to?

Sure:

Hi Pete

have you been able to solve your problem in the meantime?

Regards

Dominic

Hi Pete,

Have you had any luck at all? I'm experiencing the same symptoms when trying to authenticate sponsors that are a member of a specific group in AD.

Regards,

Evan.