cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2013
Views
0
Helpful
2
Replies

Multiple Logins Showing in logs for Cisco ISE 2.4 using Novel eDirectory as an Ext ID Source

mrkaylor
Level 1
Level 1

I am running Cisco ISE 2.4 and using Novel eDirectory as an Ext ID Source. When I use that as my login source any failed login attempt shows up as 3 attempts in my tacacs live log and as three failed attempts in eDirectory. If I use local authentication (Internal User) and I fail I only see one attempt in my Live Log.  If the login is successful it only shows up once in the ISE logs and on the ldap server.  It's like ISE is sending multiple login attempts when the login fails.  I would think there must be a setting somewhere, but I can't find it.  I have other systems and scripts that use that same eDirectory server for logins and they work normally.  Any idea how to solve this issue?

2 Replies 2

Mike.Cifelli
VIP Alumni
VIP Alumni
I actually have the same situation using AD. Currently running ISE 2.3p5. However, I am not sure that this is an actual issue. If you dive into the details you may see that your authorization priv level changes once authorization has passed. For example, from priv 1 to priv 15. All of which depends on your AAA statements on your NAD and shell profiles within ISE.

hslai
Cisco Employee
Cisco Employee

Usually each log entry in ISE live logs represents a pair of a request and a response between ISE and NAD. Multiple entries would have meant NAD sending them. However, NAD would not know ISE using internal users or external ID source to auth the users.

I am unable to recreate in our lab pods using an external ID sources (i.e. AD and RADIUS token). Each failure is recorded in ISE T+ livelog only once. After each failure, the router will prompt again to enter the password.

If you are able to easily re-create this issue in your deployment, please engage Cisco TAC to troubleshoot.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: