10-09-2016 01:24 AM - edited 03-11-2019 12:08 AM
Hi all,
I have a customer using ISE to authenticate BYOD devices against a cisco WLC. All the user management happens within ISE (no links to active directory, etc). On occasion when users setup their windows machines the computer name will be sent along with the user name to RADIUS. So, if they assign jsmith a radius account, windows will actually send over JONSLAPTOP\jsmith as the username. Is there a way to tell ISE to strip out a computer name from the RADIUS authentication request prior to processing?
Thanks,
Brian
Solved! Go to Solution.
10-09-2016 05:45 AM
Active Directory has an "Identity Rewrite" option that should support what you are looking for
Can see from description of this option below
Changes the format of usernames before they are passed to active directory.
Can see this options under the "Advanced Settings" tab of Active Directory
10-09-2016 05:45 AM
Active Directory has an "Identity Rewrite" option that should support what you are looking for
Can see from description of this option below
Changes the format of usernames before they are passed to active directory.
Can see this options under the "Advanced Settings" tab of Active Directory
10-10-2016 09:35 PM
Can I use that if the usernames are in ISE though? ISE isn't forwarding the requests to Active Directory for authentication.
10-10-2016 06:03 PM
Identity Rewrite will indeed do the trick for you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide