Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
943
Views
0
Helpful
2
Replies

ISE and Two distinct Windows Domains

nowcommsupport
Beginner
Beginner

‎12-04-2012 06:51 AM - edited ‎02-21-2020 04:47 AM

All,

I have a customer who wants to integrate ISE with two seperate Windows Domains, they have no trust releationship. We can integrate with one of the domains and can make use of LDAP for the other but can only get Machine Authentication working with the domain with the full integration. Machine authentication will not work with LDAP, only user authentication. The problem is the config of the switches places the client in the guest network as they fail machine auth and then client auth is not recognised by the switch. I'm thinking about either not going direct to MAB if a user fails machine auth or diabling guest all together as the porblem is a guest with a dot1x suplication is not given guest access in a timely mannor without this command. Another option I have thought about is to use the radius token external identity store to talk to a Cisco ACS server attached to the other domain.

Any help would be greatly appreciated

Thanks

Simon                  

0 Helpful
2 Replies 2

jan.nielsen
Rising star
Rising star

‎12-05-2012 12:23 PM

When you use LDAP for AD authentication, you are limited to using EAP-TLS (certificates) or EAP-GTC (plain text passwords), so if you are at all concerned about security you will use EAP-TLS.

0 Helpful

jan.nielsen
Rising star
Rising star
In response to jan.nielsen

‎12-05-2012 12:24 PM

Here's the list of which methods are supported when using different kinds of user databases :

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1053140

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents