Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
865
Views
0
Helpful
0
Replies

ISE Selecting wrong authorization profile

g-hopkinson
Level 1
Level 1

‎02-09-2012 08:32 AM - edited ‎03-10-2019 06:48 PM

Hi,

We are testing ISE in a wired environment.

We have set up two authorization profiles called AD_Machine and AD_User as recommned in Trustsec 2.0 doc.  The AD_Machine policy has a condition set on it to look at the AD External Group AD Machines, likewise the AD_User has a condition to look at AD External Group AD Users.  At the end of the authorization policy list we have the default policy, this is set to WEBAUTH authorization profile.

What we see is machine auth is granted by the WEBAUTH policy as this is catch all.  If I disable WEBAUTH it picks AD_Machine, also if I enable WEBAUTH and remove the AD External Group AD Machines condition it also selects the correct policy.

There seems to be some kind of timing issue when authorizing against an external DB.

Any ideas?

Thanks.

Gary

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents