hi, did you solve this?

MuhammadEisa · ‎11-04-2015

Hello all
in my company we have ASA 5545 with firepower module on
we made integration between the AD and the firesight. also we have clearpass and we integrate the AD with the AD to force raduice to all users from domain
the case now any user login from a device joined the domain events recorded everything by the username, but if come from other device not joined
the domain but go throw the radius and the radius authenticate from AD , why i dont see his name , i only get his IP

where is the problem in my case

should i look more at clearpass config , or it related to AD or to the firesight ?

help ASAP

Aastha Bhardwaj · ‎11-04-2015

Hi,

I dont think it will be Firesight , but to confirm you can first check the AD event logs and search for that username ,check if you see the LOGON event corresponding to it. If yes then you can check the User agent logs and check the same. If User agent polls the username then User agent will foward the same thing to the Firesight Manager.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

MuhammadEisa · ‎11-07-2015

after checking the log file i found

Checking x.x.x.x for user momo @x Failed. Does admin have permission to see all processes on x.x.x.x

this log for non domain labtop, but auth by the clearpass radius

- logoff memo@x (x.x.x.x)

Checking x.x.x.x for user memo@x. Found

this log for joined domain device

so now is the problem related to the user i use to auth with the domain on asa
or it related to the domain it self that it cant resolve the non domain devices
it can resolve the joined domain perfect , so
is someone face this problem before ?

Aastha Bhardwaj · ‎11-09-2015

Hi,

I would recommend you to open up a case with Cisco TAC because we would need to check a few things before jumping on some conclusion.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

MuhammadEisa · ‎11-10-2015

i will check and update here

Jose Carlos Sm de Lima · ‎03-24-2017

hi,

did you solve this?

AD & FireSIGHT Integration