cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

580
Views
0
Helpful
2
Replies
Cisco Employee

ISE 2.2 Active Directory Authentication, Kerberos and MSRPC settings

Hello Experts, 

 

We have a customer that noticed latency authentications issues and we noticed that he is using MSRPC authentication. We did a manual test using the Test User option and if we use Kerberos authentication we don't get any latency messages but if we change to MSRPC we start getting latency messages. 

Is there a way to configure ISE to only use Kerberos authentication and not MSRPC?

 

Thanks in advance. 


Christian M.

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
VIP Rising star

Re: ISE 2.2 Active Directory Authentication, Kerberos and MSRPC settings

No. In order to successfully integrate ISE & AD MSRPC must be open and used. HTH!

View solution in original post

Highlighted
Cisco Employee

Re: ISE 2.2 Active Directory Authentication, Kerberos and MSRPC settings

If AD used for plain-text auth (e.g. PAP-ASCII), you may enable this option [ ] Use Kerberos for Plain Text Authentications.

Screen Shot 2019-02-13 at 7.43.36 PM.png

Otherwise, as Mike.Cifelli said, MSRPC is required.

View solution in original post

2 REPLIES 2
Highlighted
VIP Rising star

Re: ISE 2.2 Active Directory Authentication, Kerberos and MSRPC settings

No. In order to successfully integrate ISE & AD MSRPC must be open and used. HTH!

View solution in original post

Highlighted
Cisco Employee

Re: ISE 2.2 Active Directory Authentication, Kerberos and MSRPC settings

If AD used for plain-text auth (e.g. PAP-ASCII), you may enable this option [ ] Use Kerberos for Plain Text Authentications.

Screen Shot 2019-02-13 at 7.43.36 PM.png

Otherwise, as Mike.Cifelli said, MSRPC is required.

View solution in original post