ISE-PIC and multiple trusted Active Directory domains

I've got ISE-PIC set up for testing.

I am seeing active sessions logged after setting a group policy to enable "Audit Kerberos Authentication Service" and "Audit Kerberos Service Ticket Operations".

My problem is this only shows users logging in to the joined domain/join point. 

There are two-way trusts and other users log in to domain machines - I want to track these users/IP addresses as well.

Romzy
Cisco Employee

Unable to understand your question.

ISE-PIC is joined to DOMAIN1

DOMAIN1 and DOMAIN2 have a two way trust

 

I only see identities/IP addresses for users in DOMAIN1. 
When a user logs in as DOMAIN1\username I don't see any session/IP address

I assume you mean "When a user logs in as DOMAIN2\username I don't see any session/IP address". Is that correct?

I'm no AD expert, but AFAIK ISE can use the two-way trust to query the directory in the second domain but I don't believe DOMAIN2 will share login events with DOMAIN1 for ISE to consume via Passive ID.

If you want to see login events for DOMAIN2, I would expect you would also need to have a DC from DOMAIN2 added using either WMI or the Agent.