11-12-2019 07:26 AM - edited 11-12-2019 07:32 AM
CSCvh91118 implies (but doesn't explicitly state) that from ISE 2.4 patch 6, you can permanently enable the Disclose invalid usernames option. The pop-up help has also removed references about this option being limited to 30 minutes.
This option is not working however; RADIUS Live Logs still mask the invalid username, even when testing within ~5 minutes of enabling it. Unlike the previous behavior, the checkbox stays ticked after 30 minutes so that doesn't appear to be the problem.
Can anyone running ISE 2.4 patch7+ confirm whether the option works for them please?
CSCvo24097 doesn't appear to be at play as it appears CSCvo24097 is what drove the enhancement request that CSCvh91118 discusses.
11-12-2019 07:56 AM
I have two deployments right now that have this enabled. One is on 2.4 patch 9 and another on 2.4 patch 10. Both work correctly assuming I am looking at new authentications, it doesn't unmask old ones.
11-12-2019 09:53 AM
I assume you're using the AD connector?
It might be different with the LDAP connector I suspect.
11-12-2019 08:04 AM
If you are still having issues with this option, please contact the TAC to troubleshoot further.
-Regards,
Tim
11-12-2019 09:54 AM - edited 11-12-2019 09:55 AM
Thanks - can you confirm this is a known bug (with the LDAP connector at least)?
11-14-2019 01:57 AM
Does anyone have this working with the LDAP connector?
01-23-2020 01:49 AM
02-06-2020 01:35 AM
Hi, was there a bug ID? I am running 2.6 patch3 and still seeing the issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide