Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

537
Views
0
Helpful
4
Replies
danielnunes
danielnunes Beginner
Beginner
‎05-15-2013 08:34 AM
‎05-15-2013 08:34 AM

Condition to check Domain Machine

Hi guys,

please, wich is the best solution to know if a machine is member of the Microsoft AD Domain?

I am looking for something in ISE conditions but i couldn't see anything related.

thanks a lot

Labels:
0 Helpful
Reply
4 REPLIES 4
Highlighted
Jatin Katyal
Jatin Katyal Cisco Employee
Cisco Employee
‎05-15-2013 09:38 AM
‎05-15-2013 09:38 AM

Condition to check Domain Machine

do you only need to perform and match machine authentication ot machine plus user authentication from the MS ad domain.

The below listed screen shot is good example to understand machine and user. This is called machine access restriction.

https://supportforums.cisco.com/servlet/JiveServlet/showImage/2-3715106-99239/Machine%2BUser.jpg

If you only looking for machine authentication that we have to use condition with systemuser equals to host/

Jatin Katyal


- Do rate helpful posts -

~Jatin Katyal
0 Helpful
Reply
danielnunes
danielnunes Beginner
Beginner
‎05-15-2013 09:58 AM
‎05-15-2013 09:58 AM

Condition to check Domain Machine

Hi Jatin,

thanks a lot for your reply!

I'll test this and i'll send the results.

thanks

0 Helpful
Reply
danielnunes
danielnunes Beginner
Beginner
‎05-15-2013 11:17 AM
‎05-15-2013 11:17 AM

Condition to check Domain Machine

Hi Jatin,

please, could you answer me a question which i am a litlle confused about it?

Why does the Machine AD Domain verification isn't on Posture verification?

Because can i see the Machine AD verification like a posture requeriment? isn't it?

thanks

0 Helpful
Reply
askhuran
askhuran Beginner
Beginner
‎05-20-2013 04:38 AM
‎05-20-2013 04:38 AM

Condition to check Domain Machine

This can be accomplished in 2 ways:

Check whether the machine was authenticated. I agree with Jatin, he has provided helpful information

For more information follow this location

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_auth_pol.html#wp1063457

OR

Configure Profiling condition based on IP:FQDN attribte CONTAINS "ad-domain.com"

Review the following link:

https://supportforums.cisco.com/message/3940928#3940928

0 Helpful
Reply
Latest Contents
The year in cyber threats: A look back at the tools and tact...
Created by Kelli Glass on 12-13-2019 03:37 PM
0
0
0
0
How would your organization perform against the cyberattacks of 2019? Protect your organization in 2020 by learning about the biggest cyberthreats of the year. Read the latest Cisco Cybersecurity Report 
#CiscoChat Live: 2019 Cyber Threats of the Year
Created by Kelli Glass on 12-13-2019 03:19 PM
0
0
0
0
Join us live on Tuesday, December 17 at 9 am PT (and on demand after) to learn about the cyber threats of 2019 and how to defend your organization in the future.   Some cybercriminals have specific organizations in mind when they’re planning an attac... view more
#CiscoChat Live: 2019 Cyber Threats of the Year
Created by Kelli Glass on 12-13-2019 03:17 PM
0
0
0
0
Join us live on Tuesday, December 17 at 9 am PT (and on demand after) to learn about the cyber threats of 2019 and how to defend your organization in the future. Some cybercriminals have specific organizations in mind when they’re planning an attack. We l... view more
Stealthwatch Enterprise - what capabilities does it provide ...
Created by ben.greenbaum on 12-12-2019 11:27 AM
0
0
0
0
Threat Response integrates with Cisco Stealthwatch Enterprise (SWE) to provide Visibility into network threats. By adding an SWE module to Threat Response, investigators will be able to search for network flows to or from IP addresses that have been reco... view more
Monitoring Failover status (ASA Cluster, Active/Standby) by ...
Created by Oleg Volkov on 12-12-2019 02:26 AM
0
0
0
0
Hi.Want to know Failover cluster status? If You have PRTG do it in 5 min.Download my sensor.Deploy REST API to Your ASA,sAdd my sensor to PRTG and set parameters:In PRTG device settings add linux user and password (ASA user, which have read permissions)-u... view more
CreatePlease to create content
Discussion
Blog
Document
Video