Hello,

We have ISE 2.3 configured as RADIUS server to authenticate users to the WLC 8.2 through 802.1x authentication.

In order to manage more than 1000 users, we benefit from Active directory and we created Active Directory as external identity source on ISE.

To manage user's sessions we set the maximum per user session to 2.

The users are able to login with their active directory account. the maximum per session policy worked fine and we can monitor on live log.

The problem that we are facing when the user share their username and password and try to play on the case insensitive or case aware of the Active directory.

Example:

(username: test) can have 2 sessions. when the same username but with first character change (username: Test) can have another 2 session. The same username test with changing the last character (username: tesT) can have another 2 session.

In this case as long as the username can change his usre's character as long as he is getting more device connected, in this scenario the maximum per user session is useless and it is like set to unlimited.

Would you please help to configure the maximum per user for the external identity source on ISE in my scenario for the active directory and allow only the active directory username to have maximum 2 session even when the users try to enter lower or upper case for their username.

Thanks.