Solved: Re: Internal Users Password Settings related issue in ISE 3.2

santhoshkdhanapal · ‎05-14-2024

Hi All,

I have a query regarding a option in ISE 3.2. I have a SSID in my infrastructure which works on the basis of PSK kind of but it prompts for username and password which is created in ISE under the settings "Network access users" that is internal users configuration. In that settings i enabled the option "change the password at next login" which is working for Windows OS as expected but this option isn't working for iphone users(17.4.1 ios). Any suggestions I appreciate in advance.

Arne Bier · ‎05-15-2024

@santhoshkdhanapal - this appears to be an age old problem that Apple has not addressed in their EAP supplicant code. Have a look at this old thread.

Your Wi-Fi network is not using PSK - it's using EAP-PEAP (MSCHAPv2) which is what causes the operating system to pop up a dialogue to enter username and password.

it's probably the easiest 802.1X EAP method to implement, but it's not the most universal (as you can now witness), nor is it guaranteed to always work on Windows either. Credential Guard in Windows can also interfere with EAP-PEAP MSCHAPv2 - the best solution is to use an MDM to provision certs on mobile devices.

View solution in original post

Arne Bier · ‎05-15-2024

@santhoshkdhanapal - this appears to be an age old problem that Apple has not addressed in their EAP supplicant code. Have a look at this old thread.

Your Wi-Fi network is not using PSK - it's using EAP-PEAP (MSCHAPv2) which is what causes the operating system to pop up a dialogue to enter username and password.

it's probably the easiest 802.1X EAP method to implement, but it's not the most universal (as you can now witness), nor is it guaranteed to always work on Windows either. Credential Guard in Windows can also interfere with EAP-PEAP MSCHAPv2 - the best solution is to use an MDM to provision certs on mobile devices.