Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
0
Helpful
2
Replies

Local Users (belongs to domain) on ISE cannot derive Password from Windows Database

MANSOORQ123
Level 1
Level 1

‎08-07-2013 12:36 PM - edited ‎03-10-2019 08:44 PM

Dear Support Team

We are in the progress of Migrating ACS4.2 to ISE3355 running 1.1.4. We have SSL VPN Users & Wireless Users to be migrated.

ISE 1.1.4 is already integrated with AD Windows 2008 and can see all the groups defined on AD.

1: in ACS 4.x & even 5.x, we have option to add a user locally (users belonging to domain) , and  we can configure user’s password to be derived from Windows Database. It helps to control AAA Policies.

It also helps to avoid configuring "users" in specific groups on AD and as a result no dependency on System Team to configure users in specific groups, which can be used in policy making on ISE.

However while doing the same, I could not find an option in ISE 1.1.4. Password cannot be derived from windows database. Password has to be set manually, that clearly means that i have to arrange the users in specific group on AD.

Is it a platform specific issue or am I missing something ?

Thanks in advance for your valuable time to look into this issue.

Ahad....

Labels:
0 Helpful
2 Replies 2

MANSOORQ123
Level 1
Level 1

‎08-08-2013 01:04 AM

It seems that i have to open a TAC case to get cisco official explanation on this feature, it was a nice feature, which has been unnecessarily deprecated.

Any Inputs from anyone, who has similiar requirement, Please share it here.

Regards

Ahad

0 Helpful

blenka
Level 3
Level 3

‎08-14-2013 12:10 PM

ISE: Using Internal Identity User can gain access to Admin Dashboard

This fix addresses the issue where internal users gain access to the Cisco ISE Admin portal Home page when they are not mapped to any Cisco ISE administrator group.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents