
ISE 1.1.1 - Error when changing password policy

rmcintos2969
Level 1

ISE 1.1.1 connected to Active Directory for both Radius auth and Administration auth.  I have an internal monitor account and the default internal admin account.  When I go to Administration > Admin Access > Authentication > Password Policy and attempt to make any changes I receive the following error:

Error occurred: Unable to save configuration details. Authentication settings could not be saved since the currently configured external source is referred in one or more admin groups.

I assume the error is in regard to using AD to auth an admin group, but I'm not sure why it would interfere with the local password policy of internal users.  The AD connected admin group is a new admin group and not from a default existing group.

Thank you for any assistance.

4 Replies

Muhammad Munir
Level 5

Hello Richard

If you have configured an external identity source such as LDAP and want to use that as your authentication source to grant access to the admin user, you must select that particular identity source from the Identity Source list box. Also please check the LDAP port.


Every Cisco ISE administrator account is assigned one or more administrative roles. To perform the operations described in the following procedure, you must have any one of the following roles assigned: RBAC Admin, Super Admin, or System Admin.

For more information, this link would be helpful to you:

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_ug.pdf

see page no: 148

Logging in with both internal and external users works just fine.  My problem is changing the password policy for local users as noted above.  The error occurs when changing said policy.

Why not prefer password policies in Google Apps? It may work favorably for you... Try it... It resolves your problem...

rmcintos2969
Level 1

This is a known bug in ISE 1.1.x

The workaround is to ensure your local admin account is enabled.  Log in with the internal admin account.  Then, under your Admin Groups, change your external group to be an internal-only group.  You can then change your password policy and save it.  Finally, enable your external admin group.

This is fixed in 1.2

Also, I've searched through the bug list and can't find any reference to this, but was told these instructions by TAC.
