Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
682
Views
0
Helpful
1
Replies

EasyConnect Group Mapping

scamarda
Cisco Employee
Cisco Employee

‎12-16-2016 09:57 AM

I've set up EasyConnect (ISE 2.1.0.474) with my 2008 AD servers following the document posted on the community.  I am seeing all working OK except I am not getting the group mapping.  The connections are falling through the "Domain User" and Domain Admin" rules to the Limited Rule.  In the live log I do see the username appended to the mac address  in one entry and then a second entry for the user/ip mapping. The debug log looks the same as the posted document.  In the debug I do not see any Group reference.  How is the group mapped to the user with easyconnect? I believe my AD is working ok because external group mapping works when using an 802.1x client.  How can I troubleshoot this to see why I am missing the user to group mapping?

Thanks

0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎12-16-2016 08:36 PM

ISE AD connector will perform the lookups to determine the AD user group mapping, so you may debug it as if the rules are for regular AD groups/attributes.

0 Helpful
Customers Also Viewed These Support Documents