03-25-2019 11:13 AM
I am running Cisco ISE 2.4 and using Novell eDirectory as an Ext ID Source. When I use that as my login source, any failed login attempt shows up as 3 attempts in my TACACS live log and as three failed attempts in eDirectory. If I use local authentication (Internal User) and I fail, I only see one attempt in my Live Log. If the login is successful, it only shows up once in the ISE logs and on the LDAP server. It's like ISE is sending multiple login attempts when the login fails. I would think there must be a setting somewhere, but I can't find it. I have other systems and scripts that use that same eDirectory server for logins and they work normally. Any idea how to solve this issue?
03-26-2019 11:16 AM
03-30-2019 07:51 PM
Usually each log entry in the ISE live logs represents a pair of a request and a response between ISE and the NAD. Multiple entries would have meant the NAD sending them. However, the NAD would not know whether ISE is using internal users or an external ID source to authenticate the users.
I am unable to recreate this in our lab pods using external ID sources (i.e. AD and RADIUS token). Each failure is recorded in the ISE T+ live log only once. After each failure, the router will prompt again to enter the password.
If you are able to easily re-create this issue in your deployment, please engage Cisco TAC to troubleshoot.