Machine Authentication

Wasif.B
Level 1

Hello everyone,

I am learning ISE, installed v2.4 VM, configured EAP-FAST, user is authenticating but the machine is not, wondering if anyone can help. 

 

Authentication Details

Source Timestamp: 2019-10-15 06:47:20.505
Received Timestamp: 2019-10-15 06:47:20.506
Policy Server: ISE1
Event: 5200 Authentication succeeded
Username: wasif,host/Test-Laptop
Endpoint Id: 00:0C:29:F3:22:33
Calling Station Id: 00-0C-29-F3-22-33
Endpoint Profile: Microsoft-Workstation
IPv4 Address: 10.0.10.152
Authentication Identity Store: homelab-AD
Identity Group: Workstation
Audit Session Id: 0A0063010000002601440902
Authentication Method: dot1x
Authentication Protocol: EAP-FAST (EAP-MSCHAPv2)
Service Type: Framed
Network Device: 3560-G
Device Type: All Device Types#Wired
Location: All Locations#Chicago
NAS IPv4 Address: 10.0.100.1
NAS Port Id: GigabitEthernet0/1
NAS Port Type: Ethernet
Authorization Profile: homelab-Limited
Posture Status: Compliant
Response Time: 5 millisecon

 

Other Attributes

ConfigVersionId: 79
DestinationPort: 1812
Protocol: Radius
NAS-Port: 50001
Framed-MTU: 1500
State: 37CPMSessionID=0A0063010000002601440902;28SessionID=ISE1/360474437/311;
NetworkDeviceProfileId: 403ea8fc-7a27-41c3-80bb-27964031a08d
IsThirdPartyDeviceFlow: false
AcsSessionID: ISE1/360474437/311
UseCase: Eap Chaining
NACRadiusUserName: wasif
SelectedAuthenticationIdentityStores: homelab-AD
SelectedAuthenticationIdentityStores: Internal Endpoints
SelectedAuthenticationIdentityStores: Internal Users
SelectedAuthenticationIdentityStores: Guest Users
AuthenticationStatus: AuthenticationFailed
IdentityPolicyMatchedRule: homelab 802.1x
AuthorizationPolicyMatchedRule: CHAINING USER ONLY
CPMSessionID: 0A0063010000002601440902
EndPointMACAddress: 00-0C-29-F3-22-33
EapChainingResult: User succeeded and machine failed
ISEPolicySetName: Wired
IdentitySelectionMatchedRule: homelab 802.1x
AD-User-Resolved-Identities: wasif@homelab.local
AD-User-Candidate-Identities: TEST-LAPTOP$@homelab.local
AD-User-Join-Point: HOMELAB.LOCAL
AD-User-Resolved-DNs: CN=wasif,DC=homelab,DC=local
AD-Groups-Names: homelab.local/Employee
AD-Groups-Names: homelab.local/Users/Domain Users
IsMachineIdentity: false
UserAccountControl: 4096
TLSCipher: ECDHE-RSA-AES256-GCM-SHA384
TLSVersion: TLSv1.2
DTLSSupport: Unknown
HostIdentityGroup: Endpoint Identity Groups:Profiled:Workstation
Network Device Profile: Cisco
Location: Location#All Locations#Chicago
Device Type: Device Type#All Device Types#Wired
ExternalGroups: S-1-5-21-630241409-3634873573-2845902898-1106
ExternalGroups: S-1-5-21-630241409-3634873573-2845902898-513
IdentityAccessRestricted: false
RADIUS Username: anonymous
Device IP Address: 10.0.100.1
Called-Station-ID: 00:13:C4:3C:D1:01
CiscoAVPair: service-type=Framed, audit-session-id=0A0063010000002601440902

 

Please if anyone can help me...giant thank you.

-Wasif.
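
As an added example (not part of the original post and not Cisco code), the Python below reads authentication-detail attributes like those in the question and reports which half of an EAP chaining session passed, since the overall event can read "Authentication succeeded" while the machine half failed. The embedded sample is constructed from values in the post, written as "Name: value" lines; the "both succeeded" result wording is an assumption, as only one result string appears on the page.

```python
from collections import defaultdict

# Constructed sample: attribute names and values taken from the authentication
# detail in the question, written one "Name: value" pair per line.
SAMPLE = """\
Event: 5200 Authentication succeeded
Username: wasif,host/Test-Laptop
Authorization Profile: homelab-Limited
UseCase: Eap Chaining
AuthorizationPolicyMatchedRule: CHAINING USER ONLY
EapChainingResult: User succeeded and machine failed
AD-Groups-Names: homelab.local/Employee
AD-Groups-Names: homelab.local/Users/Domain Users
"""

def parse_attributes(text):
    """Return {name: [values]}; some names repeat (e.g. AD-Groups-Names)."""
    attrs = defaultdict(list)
    for line in text.splitlines():
        name, sep, value = line.partition(":")  # values may contain ':' too
        if sep and name.strip():
            attrs[name.strip()].append(value.strip())
    return dict(attrs)

def chaining_outcome(result):
    """Map an EapChainingResult string to (user_ok, machine_ok); None = not stated."""
    r = result.lower()
    if "both" in r:  # assumed wording, e.g. "User and machine both succeeded"
        return ("succeeded" in r,) * 2
    def side(who):
        return True if f"{who} succeeded" in r else False if f"{who} failed" in r else None
    return side("user"), side("machine")

def triage(text):
    """Summarise one session: identities, which half passed, and what was granted."""
    attrs = parse_attributes(text)
    first = lambda key: attrs.get(key, [""])[0]
    ids = [i for i in first("Username").split(",") if i]
    user_ok, machine_ok = chaining_outcome(first("EapChainingResult"))
    return {
        "chaining": first("UseCase") == "Eap Chaining",
        "user": next((i for i in ids if not i.startswith("host/")), None),
        "machine": next((i for i in ids if i.startswith("host/")), None),
        "user_ok": user_ok, "machine_ok": machine_ok,
        "rule": first("AuthorizationPolicyMatchedRule"),
        "profile": first("Authorization Profile"),
        "groups": attrs.get("AD-Groups-Names", []),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```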

 

1 Accepted Solution

Accepted Solutions

#Mat
Level 6

Hi WSB! Did you check your XML file? How should your machine be authenticated?

Regards!


4 Replies

Thank you Mat, I have resolved the issue. Thank you for your reply.

Panos Bouras
Level 1
Hi,
Can you post the complete authentication results including the steps from the right column?
Did AnyConnect prompt you for a password during connection?
Also, if your PC is Windows 10, did you perform the required registry settings for machine password, as per https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw01496/?referring_site=bugquickviewredir ?
Registry changes:
Navigate in Regedit to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa.
Add a new DWORD (32-bit) Value.
Type LsaAllowReturningUnencryptedSecrets, and then press Enter.
Right-click LsaAllowReturningUnencryptedSecrets, click Modify….
Type 1 in the Value data box, and then click OK.
Thank you, Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies

Thank you Panos it's all sorted.