AD authentication and Cisco ISE

abutterman

We are in the process of configuring Cisco ISE on the network. In AD, we have 2 domains in the forest and there are often users that are in both domains. In Windows, if the user specifies domain\username and logs in, it goes through no problem and ISE detects all of the login information. On the Macs, we have both domains in the search policy and regardless of whether a user is in one or both domains, they simply log in with their username and password, not specifying the domain, but ISE cannot detect which domain the user authenticated to. We have a config profile in JAMF for 802.1x set for network interface: ethernet, Use as a Login Window configuration, TTLS and PEAP checked off, inner authentication set to MSCHAPv2, CA Trust is checked, allow trust exceptions is checked, and a certificate payload is configured. Is there any way we can make it so the Mac will pass on the fully qualified domain information at login to ISE without stripping it to just the username?
