Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
329
Views
3
Helpful
2
Replies

Internal Users Password Settings related issue in ISE 3.2

Go to solution
santhoshkdhanapal
Level 1
Level 1

‎05-14-2024 11:56 PM

Hi All,

     I have a query regarding a option in ISE 3.2. I have a SSID in my infrastructure which works on the basis of PSK kind of but it prompts for username and password which is created in ISE under the settings "Network access users" that is internal users configuration. In that settings i enabled the option "change the password at next login" which is working for Windows OS as expected but this option isn't working for iphone users(17.4.1 ios). Any suggestions I appreciate in advance.

 

santhoshkdhanapal_0-1715756011506.png

 

santhoshkdhanapal_1-1715756092612.png

 

1 Accepted Solution

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP

‎05-15-2024 03:42 PM

@santhoshkdhanapal - this appears to be an age old problem that Apple has not addressed in their EAP supplicant code. Have a look at this old thread.

Your Wi-Fi network is not using PSK - it's using EAP-PEAP (MSCHAPv2) which is what causes the operating system to pop up a dialogue to enter username and password.

it's probably the easiest 802.1X EAP method to implement, but it's not the most universal (as you can now witness), nor is it guaranteed to always work on Windows either. Credential Guard in Windows can also interfere with EAP-PEAP MSCHAPv2 - the best solution is to use an MDM to provision certs on mobile devices. 

View solution in original post

2 Replies 2

Go to solution
antisocial11224
Spotlight
Spotlight

‎05-15-2024 01:23 AM

@santhoshkdhanapal wrote:

Hi All,

     I have a query regarding a option in ISE 3.2. I have a SSID in my infrastructure which works on the basis of PSK kind of but it prompts for username and password which is created in ISE under the settings "Network access users" that is internal users configuration. In that settings i enabled the option "change the password at next login" which is working for Windows OS as expected but this option isn't working for iphone users(17.4.1 ios). Any suggestions I appreciate in advance.

 

santhoshkdhanapal_0-1715756011506.png

 

santhoshkdhanapal_1-1715756092612.png

 

You should Remove any existing profiles related to the SSID from the iPhone under Settings > General > VPN & Device Management, then reconnect to the network. Review the ISE logs when an iPhone user attempts to connect for any errors or denied access attempts. Ensure both ISE and the iPhone's iOS are updated to the latest versions, as updates often include fixes for compatibility issues. Double-check the policy settings in ISE for any inconsistencies that might affect iOS devices differently.

Go to solution
Arne Bier
VIP
VIP

‎05-15-2024 03:42 PM

@santhoshkdhanapal - this appears to be an age old problem that Apple has not addressed in their EAP supplicant code. Have a look at this old thread.

Your Wi-Fi network is not using PSK - it's using EAP-PEAP (MSCHAPv2) which is what causes the operating system to pop up a dialogue to enter username and password.

it's probably the easiest 802.1X EAP method to implement, but it's not the most universal (as you can now witness), nor is it guaranteed to always work on Windows either. Credential Guard in Windows can also interfere with EAP-PEAP MSCHAPv2 - the best solution is to use an MDM to provision certs on mobile devices. 

Customers Also Viewed These Support Documents