cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1700
Views
0
Helpful
2
Replies

If self-registration user coincide with an AD user name, login fail

morabusa
Level 1
Level 1

Hi,

We have a Guest WLAN with CWA using a self-registering portal with sponsors, and if clients create a username which already exists on AD, the login fails because the ISE tries to authenticate the user with the AD, even when I have only specified "Internal Users" in the sequence. Is there a way to make work this scenario when the self-registered user name coincide with a current existing AD user?

EDIT: Adding more information, lets supose that there is a user called John Smith, then we have a username created in the AD called jsmith. Then the same user wants to register in the self-register portal specifying his first name and last name, and the ISE also tries to generate a new username called jsmith. Then when the user tries to log in to the Guest WLAN, it fails because AD domain is not included in the identity source sequence for Guest access (due to a internal company policy).  

Thanks.

1 Accepted Solution

Accepted Solutions

thomas
Cisco Employee
Cisco Employee

The ISE guest user database is internal to ISE and completely separate from AD.

ISE cannot create users in AD.

Please show us the actual ISE LiveLog Details from the failure so we can see the reason Why if fails according to ISE.

It would potentially help to see what your Guest Authorization Rules are in your ISE Policy Set in case you messed with the default ones.

 

View solution in original post

2 Replies 2

thomas
Cisco Employee
Cisco Employee

The ISE guest user database is internal to ISE and completely separate from AD.

ISE cannot create users in AD.

Please show us the actual ISE LiveLog Details from the failure so we can see the reason Why if fails according to ISE.

It would potentially help to see what your Guest Authorization Rules are in your ISE Policy Set in case you messed with the default ones.

 

Thanks Thomas. It was a missconfiguration, in the Identity source sequence I placed internal users over the guest users, and we had these users internally defined (but with AD authentication) in the ISE Identity. Thanks for the help.