ISE 2.2 authenticate only AD user (without the need for the machine to be in the AD domain)

Hi,

Could you help me with my doubt?

Can I use ISE 2.2 to authenticate (Wireless_802.1X) only the AD user (without the need for the machine to be in the AD domain)?

Best regards

LOURENÇO, Claudio

5 REPLIES
VIP Advisor

Hi,

Yes, you will need to configure the AD domain in ISE as an external identity source. Then configure the appropriate authentication and authorization rules in a policy. On the client computer (I assume Windows), just configure it to use user authentication and select PEAP/MSCHAPv2 as the authentication protocol.


I'm going to do a lab because I have a Cisco ISE implementation.

Thank you very much for your attention, RJI.

Frequent Contributor

If the machine is not a domain member, then the user logon credentials are not suitable to authenticate the user in the domain for 802.1X. That is, Single Sign-on is not an option. Therefore, the client must be configured not to use the logon credentials for 802.1X (uncheck "Enable single sign on for this network"), and an 802.1X password popup window or a bubble will appear after the logon where the user must enter a valid domain username and password.


I did the lab and it worked!

Thank you, RJI and Peter Kolti, very much for your attention.
