cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

User domain removed domain

athan1234
Beginner
Beginner

Hi

I removed a user of the domain  when I try to  Put them again into domain the Ise reject the user .why ? Is there any opción for solve it  ? 

7 REPLIES 7

marce1000
VIP Mentor VIP Mentor
VIP Mentor

 

 - Check the ISE logs for the particular authentication and also the backend authenticating services (MS AD?)
 M.

@marce1000 This problem happen when for any reason a few times the admin needs to get off a some user for update perfil or wethever after the the ise rejet the user

The log showing  the user try to connect via wired  802.1 x  an them try to via MAB and he is reject .

Is by Active Directory

 

 

 

 

 

 

Mike.Cifelli
VIP Advisor VIP Advisor
VIP Advisor

Can you share radius live log details of a failed attempt for this given user? Is the user account in AD activated/enabled? Is it possible that the user membership groups are not the same anymore, meaning that the user may not be a member of a respective security group used in your radius authz policies used for onboarding?

Hi @Mike.Cifelli  thanks for your reply .

This problem happen when for any reason  the admin needs to get off  some user for update  the perfil or wethever after the t ise rejet the user . for solve this problem  the user plug  his  pc on  a port without 8021.x configuration

 

 

Oh right - it looks like the supplicant on that Windows machine is trying to authenticate a user and that user either doesn't exist in AD, or the password is wrong. You should click on the "Details" icon against the failed "Soptec" user authentication.  I also wonder whether this is a domain account or a local account. e.g. does the Tech user login as .\Soptec or as  Soptec ?

athan1234
Beginner
Beginner

Hi @Arne Bier 

 

I recovered the log when it happened I cant get more information for the purge was 1 week ago and the problem was 10 days ago more on less .

I attach the log

 

 

The attached PEAP.png also shows that the client supplicant was configured to check the RADIUS server's certificate - and it did. And failed, because the client didn't have the CA cert(s) installed to trust the ISE EAP cert.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: