Guest

Preview Tool

Cisco Bug: CSCul03597 - LDAP user authorisation doesn't work with EAP-FAST chaining

Last Modified

May 24, 2018

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

1.2(0.889)

Description (partial)

Symptom:
LDAP user authorisation doesn't work with EAP-FAST chaining

Conditions:
1) ISE 1.2
2) Configuring enable EAP-FAST chaining on ISE
3) configure anyconnect profile for EAP-FAST ( machine authentication EAP-TLS , user authentication EAP-GTC (ldap)
4) ISE will not be able to retreive the user attribute for the user authentication and thus it is unable to match the right authorisation profile
5) tcpdump show that ISE is communicating with the LDAP but on the authentication details no ldap attirbutes are retrieved
6) if we remove the chaining LDAP authorization work fine for the user
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.