02-21-2013 12:34 AM - edited 03-10-2019 08:06 PM
Hi there,
I got a WLC connected with a Cisco ISE. There are two SSIDs authenticated against the ISE.
One SSID has AD-Integration as External Identity Source, the other SSID is authenticated through LDAP.
Authentication is working fine.
When a user authenticates through LDAP, he/she has to enter "username@domain". The protocol is EAP-GTC.
How can I change the ISE so that the user only has to enter "username" and the "@domain" part is already set on the ISE?
Thanks a lot,
Norbert
02-01-2023 05:19 PM
I was having the same problem with ISE 3.1 while doing a TACACS POC using LDAP to Windows AD for authentication. I wanted to be able to log in with "username" instead of "username@domain".
*Assumption is being made that you have already created your LDAP connection to Windows AD.
Go to: External Identity Sources > Active Directory > LDAP > LDAP Identity Source "You Created" > General > Schema "Should be Active Directory" > Drop Down Schema.
I changed the default "Subject Name Attribute" from "userPrincipalName" to "sAMAccountName" after referencing the ISE troubleshooting guide below.
After saving the change, you should be able to log in with just "username" now.
02-21-2013 03:14 AM
From the user guide it seems that LDAP only allows you to strip the prefix/suffix and can't add the suffix.
http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_man_id_stores.html#wp1054421
* Strip start of subject name up to the last occurrence of the separator
* Strip end of subject name from the first occurrence of the separator
Regards,
Jatin
Do rate helpful posts-
03-04-2013 05:42 AM
I have found it.
Under the LDAP Identity Source, tab General, Subject Name Attribute, "CN" must be entered.
Greets,
Norbert
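Added example, not part of any post in this thread and not Cisco ISE code: a simplified Python model of how the Subject Name Attribute and the two strip options quoted above decide which typed names find a user, with RFC 4515 escaping of the typed value. The sample entry, the `person` object class and all function names are assumptions made for the illustration.

```python
# Added illustration: a simplified model of the lookup, not Cisco ISE code.
# The directory entry and the "person" object class are constructed/assumed.

ENTRY = {  # constructed sample user
    "cn": "John Doe",
    "sAMAccountName": "jdoe",
    "userPrincipalName": "jdoe@example.test",
}

def strip_prefix(name, sep):
    """Strip start of subject name up to the last occurrence of the separator."""
    return name.rsplit(sep, 1)[-1]

def strip_suffix(name, sep):
    """Strip end of subject name from the first occurrence of the separator."""
    return name.split(sep, 1)[0]

def escape_filter_value(value):
    """RFC 4515 escaping, so typed input cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def subject_filter(typed, attribute, prefix_sep=None, suffix_sep=None):
    """Build the search filter for the typed name and the chosen attribute."""
    name = typed
    if prefix_sep:
        name = strip_prefix(name, prefix_sep)
    if suffix_sep:
        name = strip_suffix(name, suffix_sep)
    return "(&(objectClass=person)(%s=%s))" % (attribute, escape_filter_value(name))

def finds_user(typed, attribute, entry=ENTRY, **strip):
    """True when the filter's equality test would match the sample entry."""
    wanted = "(&(objectClass=person)(%s=%s))" % (
        attribute, escape_filter_value(entry[attribute]))
    # Lower-casing models case-insensitive matching of these attributes.
    return subject_filter(typed, attribute, **strip).lower() == wanted.lower()

if __name__ == "__main__":
    for typed in ("jdoe", "jdoe@example.test", "EXAMPLE\\jdoe"):
        for attr in ("userPrincipalName", "sAMAccountName", "cn"):
            print("%-20s %-18s %s" % (typed, attr, finds_user(typed, attr)))
```

In this model a bare "jdoe" matches only when the attribute holds the bare login name, and "cn" matches only in directories where the CN is set to that login name.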