11-11-2020 05:28 AM
Hello,
we've ISE 2.7 patch 2 and Super Admin Access is authenticated by a AD-Group (external Identity Store), this works without problem.
We've another Admin Group for an internal user-store, and this group is authenticated also external by another group on AD.
They login very rarely, but now they can't login anymore (invalid username or password)
They use this accounts for there daily work, so the accounts are ok
if I try to change the mapped group to a group where I'm member of, it works neither.
Under the AD connector the groups are fine, I can retrieve ssid or attributes.
The same occurs on a standalone ISE and on a Deployment (same Patch-Level)
Any Idea, where I can start the search?
Thanks
Karl
Solved! Go to Solution.
11-11-2020 05:50 AM
solved myself:
the 2. admin-group for user-administration had no entry in the RBAC-Policy
11-11-2020 05:50 AM
solved myself:
the 2. admin-group for user-administration had no entry in the RBAC-Policy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide