Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2005
Views
20
Helpful
4
Replies

ISE unexpectedly queries AD from AuthZ policy

Andrii Oliinyk
VIP
VIP

‎08-30-2021 08:39 AM

Hi Guys

i have subject in 2.1 latest patch cube. aaatest'er gets successfully authenticated against internal identities store only. but within AuthZ-policy it unexpectedly queries AD which shouldnt ever happen from my pov. or did i miss something?

  ise-ad.jpg

Labels:
4 Replies 4

Arne Bier
VIP
VIP

‎08-30-2021 02:56 PM

Hi @Andrii Oliinyk 

 

You need to show us your Authorization Policy - if there is reference to an AD Group lookup, then of course it will query AD.

 

0 Helpful

Andrii Oliinyk
VIP
VIP
In response to Arne Bier

‎08-30-2021 08:45 PM

hi Arne

AuthZ policy is in the top of screenshot in the end of my initial msg. It refers to internaluser.name &device type only

 

Arne Bier
VIP
VIP
In response to Andrii Oliinyk

‎08-30-2021 11:41 PM

Oh yes of course - pre-ISE 2.3 - forgotten how that looked. You're right - there should not have been any AD involved.

Are you sure that you hit that "Switch AAA Test" and not something else (before, or after that Policy?)

Andrii Oliinyk
VIP
VIP
In response to Arne Bier

‎08-30-2021 11:47 PM

Hi Arne

absolutely sure. u can see from screenshot "15004 Matched rule - Switch AAA test " & there r no others similar

Customers Also Viewed These Support Documents