I’m trying to generate users with Active Directory. I’ve joined Cisco ISE to the domain, added the groups, and created an authentication policy, but no users are being generated. Could you clarify what permissions Cisco ISE requires on Active Directory?
@zacht5476 what do you mean "no users are being generated"? ISE does not generate AD users, ISE performs a lookup against AD to determine if the user exists, the password is valid and determine group membership.
@zacht5476 what do you mean "no users are being generated"? ISE does not generate AD users, ISE performs a lookup against AD to determine if the user exists, the password is valid and determine group membership.
@zacht5476 you see the users being authenticated, you can do lookup of users. ISE is not used to manage the AD users. You configure ISE to join the AD domain to perform lookups, then you can retrieve the AD groups and perform the group membership lookups.
@zacht5476 is the client's native supplicant configured for 802.1X authentication? Are the switches configured for RADIUS and 802.1X authentication? Are the NADs configured on ISE? What do the ISE Live Logs indicate?
@zacht5476 yes, you need to configure the client (windows, mac, linux) to perform 802.1X authentication, the switch/WLC the endpoints connect to must be configured for 802.1X using ISE as the RADIUS server and then ISE must be configured with policies to authenticate the users/computers.
