01-24-2017 08:16 AM - edited 03-11-2019 12:23 AM
If you have ISE integrated with AD, when a user authenticates with ISE does it create a login event on the DC security event log?
01-24-2017 03:48 PM
Yes, it does, as ISE sends a request to the DC for the user check, and once it gets confirmation, ISE then looks to authorize that AD user. So in a nutshell, the DC should have a log for that user in Event Viewer.
Regards
Gagan
PS : rate if it helps!!!!!
01-25-2017 07:03 AM
But it would be a dot1x login event and not
01-25-2017 10:02 AM
It should be, irrespective of AD/LDAP, as during authentication of a user ISE talks to Kerberos, and for group retrieval/lookup from AD it uses the LDAP application.
In both cases, an event should be generated on AD.
The request can be DOT1X, which uses the RADIUS protocol, or it can be TACACS user authentication from an AD/LDAP server.
Regards
Gagan
PS : rate if it helps!!!!!
01-25-2017 10:05 AM
01-25-2017 10:24 AM
We can do that from ISE by sending logs to a syslog server, but I don't know how to do that from the Microsoft end. It would be better to open a thread with the Microsoft team.
You can keep this thread running if any further questions are required from our end.
Regards
Gagan
PS : rate helpful posts...
10-22-2019 09:15 PM
Hi
How do we configure ISE to send those logs to FMC or FTD?
Thanks