06-13-2019 10:17 PM
Hello,
Please suggest how to add more AD attributes to the RADIUS live logs. We use ISE 2.3 for 802.1x authentication through Active Directory. Earlier I saw a lot of AD attributes in the live logs, for example "memberOf" fields, and they helped a lot to tune policy sets. But then something happened and now the logs show only a short set of attributes.
Is there any documentation on how to get and use all available attributes from ActiveDirectory?
Thank you in advance
06-16-2019 11:40 AM
Hello Aleksandr,
Now the attributes are retrieved from AD. What I can advise you to do is the below:
Go to Administration > External Identity Source > Active Directory.
Click on the join point; there is a section called Attributes.
Click on it, then select Retrieve Attributes from Active Directory.
Put in any user and click Retrieve; it will collect all the available attributes. Add what you need, then you can use it in the policy set.
06-17-2019 05:20 AM
Did you use them in a condition, or do you just want to see them in the logs? We don't usually control the logs, only the collection filter, but part of the report we don't.
In case of difficulties on this matter, as suggested, a TAC case will be good. However, if you want to see what we retrieve for a specific user,
go to the AD tab and test the user there for lookup; there will be an attribute section, and it will contain everything.
06-16-2019 02:02 AM
What authentication method are you using?
Can you send a snapshot of the attributes you are seeing and name or show the attributes you are not seeing?
06-17-2019 01:10 AM - edited 06-17-2019 01:11 AM
Hello @ldanny, thank you for the response.
We use the dot1x authentication method. I want to see the "memberOf" attribute in the RADIUS Live Logs, but it is absent here.
06-17-2019 01:16 AM
Hello @yalbikaw, thank you for the response and valuable information. I did not know how to manage attributes.
I selected all the attributes I want to see in the logs, but they are still not included in the live log.
06-17-2019 02:40 AM
If you're not seeing the attribute after adding it from AD, I suggest you contact TAC for further troubleshooting.