cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1404
Views
5
Helpful
2
Replies

ISE LDAP username's password verification

mykys
Level 1
Level 1

Hi guys,

 

Dumb question

 

How ISE validates username's password using LDAP server as the external identity store?

 

Got unsecure (TCP/389) LDAP pcap flows between ISE and the server, doing some check and verification.

I do see some search requests/responses and group membership retrieval but no password verification (or at least in the clear test).

 

Thanks,

myky

1 Accepted Solution

Accepted Solutions

balaji.bandi
Hall of Fame
Hall of Fame

its all depends on the config - check the methods supports ISE to connect LDAP

 

Table 2. Authentication Protocols Supported by Active Directory

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01101.html#ID467

 

this explain some configuration :

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216190-configure-and-troubleshoot-ise-with-exte.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

its all depends on the config - check the methods supports ISE to connect LDAP

 

Table 2. Authentication Protocols Supported by Active Directory

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01101.html#ID467

 

this explain some configuration :

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216190-configure-and-troubleshoot-ise-with-exte.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I guess I didn't run the capture enough to get the password verification process captured.

Thanks,

myky

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: