Solved: Re: Client Authenticating Incorrectly in ISE 2.4

Alex Pfeil · ‎05-21-2018

We just upgraded to ISE 2.4 from 2.3. A client computer is authenticating with computer credentials. It shows up as USERNAME/USERNAME. The authentication fails.

I thought I would share this to see if anyone is having the same issue. I also have a TAC case open so I can provide an update from there as well.

Thanks,

Alex

hslai · ‎05-21-2018

ISE 2.4 is masking out invalid usernames. To see them, please use the option [ ] Disclose invalid usernames.

View solution in original post

hslai · ‎05-21-2018

ISE 2.4 is masking out invalid usernames. To see them, please use the option [ ] Disclose invalid usernames.

Alex Pfeil · ‎05-22-2018

Is this something that is usually corrected with Identity Rewrite, driver issue, etc.?

hslai · ‎05-22-2018

I believe the reason we are suppressing such user names is that the end users accidentally put their passwords as the usernames some times.

CSCvh91118 is an enhancement filed during ISE 2.4 beta to make the option more flexible. I just added the release notes enclosure so it would take a couple of days of Cisco internal review before becoming external visible.

Alex Pfeil · ‎05-22-2018

In this case, it would be a host. Can you comment on host authentications?

hslai · ‎05-22-2018

Please use the option to disclose the real host subject for 30 minutes and then update ISE configurations accordingly.