Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ISE iPads Active Directory Integration

This might not be the appropriate place for this question but I am hoping someone else has had a similar issue.  We have our Cisco WLC and ISE integrated using our Active Directory for the Idenity Store.  I have create a profile for the iPads that has the Root CA for our internal Domain and I am able to deploy it without issue and the user puts in their username/password and they are able to connect.  The problem I am having is when the password is changed for the end user, example my password expired and I changed it using my windows 7 laptop.  Now the iPad has the old password stored and it will not let me connect.  We are in the process of changing over from Free Radius as our authentication method for Wireless and when the same scenario occurs with the FreeRadius server the iPad will prompt for the password after it fails authentication.  From what I could tell ISE didn't do this.  We are using PEAP and from the setup I have found that on a PEAP connection failure for Authenticaton there is only reject, does this mean that ISE will always reject the connection if invalid credentials are supplied?

I don't believe there is a way on the iPad to put in new credentials unless you "Forget" the network, and from what I can tell this is not possible if the Network was install with a profile, therefore the only option is to remove the profile.  Now how does the end user get the profile if they have no connection to the network?  Is there a way for ISE to see that the user is valid but the password isn't and prompt back to the iPad for the correct password?




Cisco ISE iPads Active Directory Integration

I the authentication failed reports, if you check the details you can see the reason of failed authentication.

New Member

Re: Cisco ISE iPads Active Directory Integration

I know why the authentication fails, the password stored on the iPad is not correct because the user has had to change the AD password due to expiration. Since this is a failed login and we are using PEAP, will ISE only reject the connection with no communication back to the supplicant/iPad?

Sent from Cisco Technical Support iPad App