Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
662
Views
0
Helpful
1
Replies

ISE 2.4 Machine Authentication with AnyConnect NAM failing

wafikmaher
Level 1
Level 1

‎03-16-2019 02:08 PM

Machine Authentication while using the Windows Supplicant is succeeding (live log attached). Machine Authentication while using the AnyConnect NAM (profile attached), is failing (live log attached).

 

NAM log shows something which is not clear:

24210 Looking up User in Internal Users IDStore - host/W7PC-CORP.demo.local
24216 The user is not found in the internal users identity store
15013 Selected Identity Source - All_AD_Join_Points
24432 Looking up user in Active Directory - All_AD_Join_Points
24325 Resolving identity - employee1@demo.local

Why the user got changed from host/W7PC-CORP.demo.local, to employee1@demo.local, which will fail the group membership condition.

 

AnyConnect Machine Auth issue.zip
0 Helpful
1 Reply 1

paul
Level 10
Level 10

‎03-18-2019 01:44 PM

You aren't comparing apples to apples. The windows supplicant is correctly configured to do PEAP computer authentication.  It looks like you have NAM configured to do EAP-FAST computer and user credentials.  Configure your NAM to do just PEAP computer to mimic what you are doing with the windows supplicant.  What is your ultimate goal for authentication?

0 Helpful
Customers Also Viewed These Support Documents