Solved: Cisco ISE v1.1.3 intergration with OpenLdap

louis.odera · ‎02-19-2014

Hi Guys,

We are trying to intergrate our ISE server with a Secondary OpenLdap server (Zentyal). The current primary server we are using for authentication is Active directory. We have managed to test the binding to the Secondary server successfully and added it in the Identity source sequences.

The error we are getting when authenticating the OpenLdap end user machine is as below:

1006 Returned RADIUS Access-Challenge

11001 Received RADIUS Access-Request

11018 RADIUS is re-using an existing session

12304 Extracted EAP-Response containing PEAP challenge-response

11808 Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated

Evaluating Identity Policy

15006 Matched Default Rule

15013 Selected Identity Store - Zentyal

22043 Current Identity Store does not support the authentication method; Skipping it

Anyone who has experienced such an issue?

Please help

Saurav Lodh · ‎02-20-2014

Microsoft Challenge Handshake Authentication ProtocolVersion2(MSCHAPv2)is not possible when an LDAP-based authentication server is used. Please use PEAP-GTC as auth. method!!

View solution in original post

Saurav Lodh · ‎02-20-2014

Microsoft Challenge Handshake Authentication ProtocolVersion2(MSCHAPv2)is not possible when an LDAP-based authentication server is used. Please use PEAP-GTC as auth. method!!

louis.odera · ‎03-17-2014

Hi Salodh, You were right!!! We installed a 3rd party supplicant that supported GTC on the Windows machine and the authentication succeeded. Next step is now Profiling the machine otherwise Thanks so much for your help and time.