Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
635
Views
0
Helpful
2
Replies

ISE AuthZ for Wireless Phones MIC EAP-TLS

Stephen McBride
Level 1
Level 1

‎02-23-2014 09:49 PM - edited ‎03-10-2019 09:26 PM

Hi all,

Trying to authorise 7925G phones using MIC and EAP-TLS. My problem is that I can't seem to get the username in the MIC to match against an Internal Identity group on ISE AuthZ policies. If I remove the endpoint ID group I am able to auth no worries. Everything looks great including the username been in a specific User ID group but I just cannot get it to match a policy with this group selected (both as the ID Group and as an "Internal User:Identity Group" condition).

Any ideas or is this just not possible?

Labels:
0 Helpful
2 Replies 2

kaaftab
Level 4
Level 4

‎02-24-2014 02:11 AM

I would suggest try MAB to authenticated the decives with ISE and share your authentication policy

0 Helpful

Stephen McBride
Level 1
Level 1
In response to kaaftab

‎02-24-2014 01:58 PM

Out of curiousity why would you suggest MAB in this instance? These devices have MIC certs and are pretty much EAP-TLS ready out of the box? My problem simply lies with the apparent inability of ISE to match the Subject CN againt an internal group.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents