Solved: ISE Voip phones: authentication failed against AD

Giuliano Gerardi · ‎09-24-2012

the message is

2064 Authentication method is not supported by any applicable identity store(s): Authentication failed

the user is present on AD and testing user in ise is ok

the authentication rule to check in AD is created

policy servers are joined and in green status

if I create an internal user (just for testing) authentication is ok

my authentication sequence is:

mab

mab_ad

dot1x

dot1x_ad

those phones uses eap-md5

i guess there is something to check in AD, can someone help me to solve this?

Eduardo Aliaga · ‎09-28-2012

I don't think Active directory supports EAP-Md5.

I will recommend to use EAP-TLS instead. Most Cisco IP phones have builtin MIC certificates which really helps to deploy EAP-TLS

Eduardo Aliaga · ‎09-28-2012

I don't think Active directory supports EAP-Md5.

I will recommend to use EAP-TLS instead. Most Cisco IP phones have builtin MIC certificates which really helps to deploy EAP-TLS

Giuliano Gerardi · ‎09-29-2012

yes that is true however it supports eap md5 against internal database strange thing...

it won't have been a bad thing if it had the ability to turn over the eap-md5 request in another format like ldap...

thank you!!