05-26-2019 02:33 PM - edited 02-21-2020 11:06 AM
Hi Team,
We have a large enterprise customer that is using Wired EAP-TLS machine authC and wants to supplement the user identity using PassiveID purely for visibility purposes (not trying to combine the two credentials for authZ like 'EAP Chaining'). They are not using user certs due to various issues with enrollment, SaaS services like O365 installing new user certs and breaking EAP-TLS, etc.
Their AD environment is widely distributed and they have 20+ RODCs that perform the AD logon functions for remote branch PCs.
Am I correct in assuming that, if they want to use PassiveID, all distributed Domain Controllers would need to be configured for either WMI or with the Agent to share logon info with the centralised ISE cluster? Are there any other caveats or validated design aspects with this type of PassiveID implementation?
05-29-2019 06:14 PM
That is correct. All domain controllers that authenticate users will need to be monitored by ISE WMI or DC agent installed on the domain controllers. ISE supports up to 100 domain controllers I believe.
Ideally you could use a forwarded event server, but unfortunately the forwarded events go to a different log (forwarded events vs. security events) and ISE WMI or the DC agent don't know how to deal with that.
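One way to verify the design assumption in this answer before rolling out PassiveID, as an added example that is not part of the thread and not Cisco tooling: inventory every DC (RODCs included) and confirm that each one is actually writing the logon events to its own Security log, rather than only holding copies in ForwardedEvents. It assumes the ActiveDirectory module, remote event-log (RPC) access from the admin host, and that the relevant event IDs are 4768/4769/4770/4624 (an assumption taken from the ISE PassiveID documentation).

```powershell
# Added example (not from the thread): per-DC check of where logon events live.
# Assumption: ISE PassiveID reads Kerberos/logon events 4768, 4769, 4770, 4624
# from the Security log of each monitored DC.
Import-Module ActiveDirectory

function Test-PassiveIdLogSource {
    param(
        [int[]]$EventIds = @(4768, 4769, 4770, 4624),
        [int]$LookbackHours = 24
    )
    $since = (Get-Date).AddHours(-$LookbackHours)

    foreach ($dc in Get-ADDomainController -Filter *) {
        $name = $dc.HostName
        $reachable = $true
        try {
            # Throws if the remote event log service is not reachable.
            Get-WinEvent -ComputerName $name -ListLog 'Security' -ErrorAction Stop | Out-Null
        } catch { $reachable = $false }

        $secHit = $null; $fwdHit = $null
        if ($reachable) {
            # Presence check only (-MaxEvents 1); counting 4624s over 24h can be huge.
            $secHit = Get-WinEvent -ComputerName $name -MaxEvents 1 -ErrorAction SilentlyContinue `
                -FilterHashtable @{ LogName = 'Security'; Id = $EventIds; StartTime = $since }
            # Events collected via Windows Event Forwarding land here, not in Security.
            $fwdHit = Get-WinEvent -ComputerName $name -MaxEvents 1 -ErrorAction SilentlyContinue `
                -FilterHashtable @{ LogName = 'ForwardedEvents'; Id = $EventIds; StartTime = $since }
        }

        [pscustomobject]@{
            DC                 = $name
            Site               = $dc.Site
            # RODCs only authenticate accounts allowed by their password replication
            # policy; other logons are chained to a writable DC, which then logs 4768.
            IsRODC             = $dc.IsReadOnly
            Reachable          = $reachable
            SecurityHasLogons  = [bool]$secHit
            ForwardedOnly      = ([bool]$fwdHit -and -not [bool]$secHit)
        }
    }
}

# Any row with Reachable=True and SecurityHasLogons=False is a DC that PassiveID
# (WMI or DC agent) would monitor without seeing user logons; ForwardedOnly=True
# shows the forwarded-events case the answer above describes.
Test-PassiveIdLogSource | Sort-Object IsRODC, DC | Format-Table -AutoSize
```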
05-29-2019 01:28 PM
Sounds right. I believe it should work, but it is not something I have tested; I have forwarded this to our SME as well.