ā07-11-2018 04:01 AM
We're starting to implement a new shared wireless network and I need to figure out how to change the username format sent to the external radius servers.
The username currently is in the format <host>.<domain> and we need to send <host>@<domain>. It seems possible to do this in advanced attribute settings -> Modify attribute in the request
I'm unsure of the format, I'd appreciate any guidance.
Thanks
Solved! Go to Solution.
ā07-11-2018 10:29 AM
I think it accepting only static text string and I do not think this is the place for such ID rewrite. If the target RADIUS server is ISE 1.3+ and the ID store is AD, then please use the AD Identity Rewrite.
ā07-11-2018 10:29 AM
I think it accepting only static text string and I do not think this is the place for such ID rewrite. If the target RADIUS server is ISE 1.3+ and the ID store is AD, then please use the AD Identity Rewrite.
ā07-12-2018 01:48 AM
Thanks for your help. I guest I'll have to figure out how to send the correct username format in AD.
ā03-27-2020 02:08 AM
Hi hslai,
Sorry to pick up this older post but I have similar situation where I'm trying to add the domain suffix to a username radius attribute. Situation is as follows: we are using Cisco FMC with external Radius authentication towards Cisco ISE. But FMC is not able to add domain suffixes to usernames. In the ISE we have AD integration and authenticate against AD, here we can use identity rewrite. But the policies also check the users internal group memberschip and this doesnt work because ISE cannot match Radius request without suffix with internal user with suffix. ISE is being used for device administration for Stealthwatch, DNA, Switches, WLC's, etc.... So the internal accounts are configured with external authentication against AD. But towards AD I can use the Identity Rewrite but I cant match on group membership.
Is it possible to configured ISE to forwards the RADIUS request to itself and manipulate the username attribute by adding the domain suffix? Question comes down to: can you use variables in the "Modify attribute in the request" section underneath the "Radius server sequence"?
See example in screen below.
Thanks in advance
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide