
ISE 1.3 Upgrade LDAP Issue

dylanhorner
Level 1

We recently upgraded to 1.3 and everything seems fine except that we noticed that the Catalyst switches we use AD authentication through ISE for stopped dropping us automatically in enable mode. I did rejoin the device to AD as required post upgrade and have since unjoined and rejoined. When I run the test user option for the AD Identity store I get an error saying it's unable to fetch LDAP attributes, see attached. There is also a similar error in the syslog anytime a user logs into the switch. I went back on the syslogs and these errors were not happening until the upgrade. I am assuming this somehow correlates to my issue. Anyone else experienced this post upgrade? Thanks.


jan.nielsen
Level 7

Are you using LDAP or native AD join?

There are some issues with LDAP and quotes in the group names, which is not supported. I also have had issues with 1.3 and using comma and user names, so something like Doe, John is not possible as the name of a user in AD.

As for native AD, I have not had any issues with ISE 1.3.

It's native AD join. Joins fine, just errors on the LDAP when you do a "test user". I am assuming it's related since a syslog message comes across with a similar error when I authenticate to a switch, see attached.

Venkatesh Attuluri
Cisco Employee

What is the protocol you are using, EAPTLS? LDAP does not support MSCHAPv2; EAPTLS is supported.