
Failed authentications with username "USERNAME"

Matteo Comisso
Level 1

Hi all,

I've just noticed something while looking at failed authentications on a production ISE cluster: a lot of clients, probably smartphones, are trying to connect to the WPA2-Enterprise SSID using the username "USERNAME". I suspect this is something intentional, but I can't figure out what feature this is and how it is supposed to be helpful.

 

Thanks in advance!

 

Matteo

Accepted Solutions

Damien Miller
VIP Alumni

This was introduced for security reasons. If you look at the link I provided, you will be able to disable the masking by checking the box "Disclose invalid usernames". In earlier 2.4 patches this was only enabled for 60 minutes; if you are on a later patch you can disable it indefinitely.
https://<ise admin ip>/admin/#administration/administration_system/administration_system_settings/protocols/RADIUS

 


3 Replies


Thanks Damien!

 

Just to complete the answer, in case someone needs it in the future: in ISE 2.6 this setting has been moved under Administration > System > Settings > Security Settings.

 

Regards,

Matteo

Mike.Cifelli
VIP Alumni
From a wired perspective this can potentially be due to your client's supplicant not being set up to negotiate properly. I know with NAM you can configure profiles specifically to use an unprotected identity pattern for the outer layer. The default is anonymous, but you can change it using the profile editor. Not sure what WLCs you are using, but I would agree that this is intentional. If the logs are truly from mobile devices I would start with troubleshooting your onboarding process. Good luck & HTH!