07-13-2018 07:55 AM - edited 07-05-2021 08:51 AM
Good Morning,
I am currently working with a Distributed ISE Node Setup (2 Nodes) in a Dual Domain organization (Academic Users separated from Administrative Users). I am attempting to use a Single SSID on my WLC for 802.1X logins and have been attempting to allow users from domain X and Domain Z to both authenticate to the SSID which will then ideally tag them with the appropriate VLAN.
That is the end goal for the moment, but currently I have run into the following issue:
ISE Version 2.2.0.470
Patch Information None
14:32:14:652: Identity resolution detected multiple matching accounts
Error: A Duplicate User Record Was Found
I have a test account set up on both Domains using the same credentials. They are using different mailing addresses and have some attributes that help make them unique, but ideally, I will have to come up with a solution to this while maintaining my dream of a Single 802.1X SSID for the organization.
Does anyone have any experiences or suggestions with how to deal with duplicate accounts across joined domains on ISE? I can provide logs and additional information as needed.
Thank you for taking the time to read this.
07-13-2018 01:38 PM - edited 07-13-2018 01:40 PM
Though it is not related to your issue, I would highly recommend applying the latest patch (I think patch 9) to your ISE 2.2 environment.
"I have a test account set up on both Domains using the same credentials."
Do you expect this to be the case in your live setup (users will have the same credentials in both domains)? Typically, different users will be in different groups in AD.
Here is the Cisco ISE AD Integration document that you should refer to.
HTH
Rasika