Using ISE to authenticate Windows users (no Active Directory)

Tod Larson
Level 3

I am trying to design a system where we have lots of routers/switches but only a few Windows machines. We have a couple of Windows PCs and servers for network management tools. This network management system is independent and physically separate from our corporate Active Directory. It's small enough so we don't need AD. We have local logons and do local group policy to lock down the Windows machines. We use TACACS+ on ISE for user authentication for the several hundred routers and switches, but we then have local accounts for the Windows computers. We don't want to deploy AD and have yet another thing to manage and patch (I get that it's not super hard, but zero work is better).

Can we configure a Windows computer to authenticate users against ISE?


Jason Kunst
Cisco Employee
Yes. ISE has an internal user store and that can be used.

Can I use the ISE internal user store to authenticate a user logging into a Windows 10 laptop? 

Yes, works the same way as AD, just the user is created on the ISE internal database as a network access user.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_01110.html

Jason,

Thank you for posting but I'm not sure we are communicating.

I don't see in the link you provide where to configure my Windows 10 laptop to authenticate a Windows user with the ISE internal user store. I want to be able to log into my Windows laptop using ISE. I would expect to have to configure some local Windows policy to point Windows at the ISE for authentication. But I might be missing something.

Thank you.

OK, you’re looking for ISE to act as a domain controller? No, this is not possible; it’s not Active Directory. You would create local users to log in to the machines, and these accounts can match those on ISE to log in to the network.

That is what I was afraid of but at least now I know for sure.

Thank you for the assistance.