Hi,what use the AD join

Philip91 · ‎09-29-2015

Hello guys,

i use ISE with normal AD join. Right now Ad is running ldap. Will the communication between AD and ISE also work if i switch over to only allow ldap secure from AD site ?

Is there a way to configue it ?

I saw that when i configured lagacy ldap it is possible to enable or disable.

Thanks for your help

Greetings

Philip

Jason van den Berg · ‎09-29-2015

Hi,

You will need to change the port under connection settings to your LDAP ssl port and enable "Secure Authentications" with a trusted root ca between the two devices.

Regards,

Jason

Philip91 · ‎09-29-2015

Hello Jason,

you are speaking about legacy ldap connection right ?

But i mean when i use "AD Join" and switch that to ldap secure. Then there is no option to configure ldap secure. Do you have any idea ?

Greetings

Philip

Jason van den Berg · ‎09-29-2015

Hi,

This is correct. I misunderstood your question. This should not have an effect as you are not connected via LDAP.

Regards,

Jason

Philip91 · ‎09-29-2015

Hi,

what use the AD join instead of ldap ?

Watching the communication matrix shows that it uses ldap:

Protocol	Port (remote-local)	Target	Authenticated	Notes
DNS (TCP/UDP)	Random number greater than or equal to 49152	DNS Servers/AD Domain Controllers	No	—
MSRPC	445	Domain Controllers	Yes	—
Kerberos (TCP/UDP)	88	Domain Controllers	Yes (Kerberos)	MS AD/KDC
LDAP (TCP/UDP)	389	Domain Controllers	Yes	—
LDAP (GC)	3268	Global Catalog Servers	Yes	—
NTP	123	NTP Servers/Domain Controllers	No	—
IPC	80	Other ISE Nodes in the Deployment	Yes (Using RBAC credentials)	—

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISE-ADIntegration.html#topic_93C0E5D51E264538B2A1AD9E585CD35B

Greetings

Philip

Jason van den Berg · ‎09-29-2015

Hi Philip,

I will need to do this in a lab environment to test, which I suggest you do to. As far as I am aware you should be good with kerberos and rpc.

Regards,

Jason

ISE Ad join with ldap Secure