
ISE - TACACS Authorization Domain Issues

bradleyordner
Level 3

I have a user in another AD domain, which we have visibility of from the ISE. The user is identified and authenticated correctly via this sub domain. When it moves to authorization the exact same domain is checked for identification and now gets an error. 

 

Authentication passing - 

24313 Search for matching accounts at join point - ad.company.com
24320 Multiple matching accounts in forest - ad.company.com

Authorization failing - 

24313 Search for matching accounts at join point - ad.company.com
24317 LDAP search in domain failed - ad.company.com,ERROR_DOMAIN_IS_OFFLINE

 

  

Are there any checks or logs I can find to debug this? It happens every time I check and it's checking the same domain as it authenticated against.

Thanks

 

Brad

16 Replies

This fix didn't work for me, I am at the most current patch and have rebooted multiple times. I found that if I disable other whitelisted domains it allows me to authenticate. However, it isn't a valid fix. I need to have the ability to authenticate to multiple domains.

What version are you running?
Is the AD connector test OK on all tests?
If you test an authentication from the AD connector tool, does that work?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question