Solved: Active Directory has an

5bswan · ‎10-09-2016

Hi all,

I have a customer using ISE to authenticate BYOD devices against a cisco WLC. All the user management happens within ISE (no links to active directory, etc). On occasion when users setup their windows machines the computer name will be sent along with the user name to RADIUS. So, if they assign jsmith a radius account, windows will actually send over JONSLAPTOP\jsmith as the username. Is there a way to tell ISE to strip out a computer name from the RADIUS authentication request prior to processing?

Thanks,

Brian

jrabinow · ‎10-09-2016

Active Directory has an "Identity Rewrite" option that should support what you are looking for

Can see from description of this option below

Changes the format of usernames before they are passed to active directory.

Can see this options under the "Advanced Settings" tab of Active Directory

View solution in original post

jrabinow · ‎10-09-2016

Active Directory has an "Identity Rewrite" option that should support what you are looking for

Can see from description of this option below

Changes the format of usernames before they are passed to active directory.

Can see this options under the "Advanced Settings" tab of Active Directory

5bswan · ‎10-10-2016

Can I use that if the usernames are in ISE though? ISE isn't forwarding the requests to Active Directory for authentication.

nspasov · ‎10-10-2016

Identity Rewrite will indeed do the trick for you!

ISE 2.0 strip Windows computer name from RADIUS username