cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1347
Views
0
Helpful
2
Replies
Highlighted

ISE Voip phones: authentication failed against AD

the message is

2064 Authentication method is not supported by any applicable identity store(s): Authentication failed

the user is present on AD and testing user in ise is ok

the authentication rule to check in AD is created

policy servers are joined and in green status

if I create an internal user (just for testing) authentication is ok

my authentication sequence is:

mab

mab_ad

dot1x

dot1x_ad

those phones uses eap-md5

i guess there is something to check in AD, can someone help me to solve this?

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Enthusiast

ISE Voip phones: authentication failed against AD

I don't think Active directory supports EAP-Md5.

I will recommend to use EAP-TLS instead. Most Cisco IP phones have builtin MIC certificates which really helps to deploy EAP-TLS

View solution in original post

2 REPLIES 2
Highlighted
Enthusiast

ISE Voip phones: authentication failed against AD

I don't think Active directory supports EAP-Md5.

I will recommend to use EAP-TLS instead. Most Cisco IP phones have builtin MIC certificates which really helps to deploy EAP-TLS

View solution in original post

Highlighted

ISE Voip phones: authentication failed against AD

yes that is true however it supports eap md5 against internal database strange thing...

it won't have been a bad thing if it had the ability to turn over the eap-md5 request in another format like ldap...

thank you!!