ISE and Two distinct Windows Domains

nowcommsupport
Level 1

All,

I have a customer who wants to integrate ISE with two separate Windows Domains; they have no trust relationship. We can integrate with one of the domains and can make use of LDAP for the other, but can only get Machine Authentication working with the domain with the full integration. Machine authentication will not work with LDAP, only user authentication. The problem is the config of the switches places the client in the guest network as they fail machine auth, and then client auth is not recognised by the switch. I'm thinking about either not going direct to MAB if a user fails machine auth or disabling guest altogether, as the problem is a guest with a dot1x supplicant is not given guest access in a timely manner without this command. Another option I have thought about is to use the RADIUS token external identity store to talk to a Cisco ACS server attached to the other domain.

Any help would be greatly appreciated

Thanks

Simon                  
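For reference, the post above describes an access-port setup where a failed 802.1X attempt falls through to MAB and a guest VLAN. The IOS fragment below is an added illustration of the knobs involved; it is not configuration from the original post or from Cisco, and the interface name, VLAN IDs and timer values are assumed placeholders.

```cisco
! Added illustration (not from the original post): an IOS access port that
! offers 802.1X first and MAB second. Interface, VLAN IDs and timers are
! assumed placeholder values.
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 ! Offer dot1x before MAB; dot1x also wins if both methods succeed.
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication host-mode multi-auth
 ! "next-method": a failed 802.1X attempt (for example machine auth against
 ! the LDAP-only domain) moves straight on to MAB instead of retrying dot1x.
 ! This is the line to remove if failed 802.1X should not go direct to MAB.
 ! The alternative "authentication event fail action authorize vlan <id>"
 ! would instead place the failed host into a restricted VLAN.
 authentication event fail action next-method
 ! Guest VLAN for hosts that never answer EAP (no supplicant). This is a
 ! separate knob from the fail action above.
 authentication event no-response action authorize vlan 900
 ! Critical VLAN used only when every RADIUS/ISE server is unreachable.
 authentication event server dead action authorize vlan 901
 ! Periodic reauthentication on the interval ISE returns (Session-Timeout).
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 ! Shorter EAP request timer so hosts without a supplicant reach MAB or the
 ! guest VLAN sooner; tx-period x (max-reauth-req + 1) bounds the wait.
 dot1x timeout tx-period 10
 dot1x max-reauth-req 2
 spanning-tree portfast
```

Which VLAN a host with a working supplicant ends up in after a failure depends on the fail action and on what ISE returns for MAB; check `show authentication sessions interface GigabitEthernet1/0/1 details` on the switch and the RADIUS Live Log in ISE to see which method authorized the session.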

2 Replies

jan.nielsen
Level 7

When you use LDAP for AD authentication, you are limited to using EAP-TLS (certificates) or EAP-GTC (plain text passwords), so if you are at all concerned about security you will use EAP-TLS.

Here's the list of which methods are supported when using different kinds of user databases:

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1053140
