05-15-2013 08:34 AM - edited 03-10-2019 08:26 PM
Hi guys,
please, wich is the best solution to know if a machine is member of the Microsoft AD Domain?
I am looking for something in ISE conditions but i couldn't see anything related.
thanks a lot
05-15-2013 09:38 AM
do you only need to perform and match machine authentication ot machine plus user authentication from the MS ad domain.
The below listed screen shot is good example to understand machine and user. This is called machine access restriction.
https://supportforums.cisco.com/servlet/JiveServlet/showImage/2-3715106-99239/Machine%2BUser.jpg
If you only looking for machine authentication that we have to use condition with systemuser equals to host/
Jatin Katyal
- Do rate helpful posts -
05-15-2013 09:58 AM
Hi Jatin,
thanks a lot for your reply!
I'll test this and i'll send the results.
thanks
05-15-2013 11:17 AM
Hi Jatin,
please, could you answer me a question which i am a litlle confused about it?
Why does the Machine AD Domain verification isn't on Posture verification?
Because can i see the Machine AD verification like a posture requeriment? isn't it?
thanks
05-20-2013 04:38 AM
This can be accomplished in 2 ways:
Check whether the machine was authenticated. I agree with Jatin, he has provided helpful information
For more information follow this location
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_auth_pol.html#wp1063457
OR
Configure Profiling condition based on IP:FQDN attribte CONTAINS "ad-domain.com"
Review the following link:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide