cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

350
Views
0
Helpful
2
Replies

Machine authentication without AD and cert

Hi there,

 

Have anyone encountered a situation where you don't have an AD (we use cloud based LDAP, not to mention it doesn't manage endpoints like AD does) and we don't want to use certs. So is there a way to authenticate machines against an ODBC source. Store machine UDID or any other UDID instead of username/password in the ODBC source and validate against it.

Let me know if anyone was in this situation and how you went on to resolve this?

 

Thanks in advance

Cheers,

Hari

1 ACCEPTED SOLUTION

Accepted Solutions
Jason Kunst
Cisco Employee

So you’re asking if we can authenticate without certificates or user credentials? The only way would be a possible lookup of MAC addresses using straight MAB.

Some example in this search - https://www.google.com/search?ei=ZufuXI3CJK-D5wK0zo3ICg&q=ise+odbc+mab&oq=ise+odbc+mab&gs_l=psy-ab.3..0i22i30.834.1383..1639...0.0..0.174.678.0j4......0....1..gws-wiz.......0i71j0i13j0i13i30j0i13i5i30j0i8i13i30.ePMvhU0LCBk

View solution in original post

2 REPLIES 2
Jason Kunst
Cisco Employee

So you’re asking if we can authenticate without certificates or user credentials? The only way would be a possible lookup of MAC addresses using straight MAB.

Some example in this search - https://www.google.com/search?ei=ZufuXI3CJK-D5wK0zo3ICg&q=ise+odbc+mab&oq=ise+odbc+mab&gs_l=psy-ab.3..0i22i30.834.1383..1639...0.0..0.174.678.0j4......0....1..gws-wiz.......0i71j0i13j0i13i30j0i13i5i30j0i8i13i30.ePMvhU0LCBk

View solution in original post

HI Jason,

 

Thank you for the reply and suggestion. We were exploring the possibility of using the anyconnect UDID to authenticate. But later because this is not possible we have decided to use UDID in authorization. 

 

Cheers,

Hari

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (36%)

Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel