Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ISE Sponsor Portal – Active Directory Login help.

Hello,

We’re trying to setup our Sponsor Portal to query an Active Directory group for login credientials and having some trouble. Right now we’re receiving the error, “Sponsor authentication has failed : Sponsorgroup not found for user

Is there a configuration guide available explaining how to configure this?

Any help would be great.

Thanks,

Pete

  • AAA Identity and NAC
28 REPLIES

Cisco ISE Sponsor Portal – Active Directory Login help.

Pete,

Give this a try and see if this gets you rolling - http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_guest_pol.html#wp1096365

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Re: Cisco ISE Sponsor Portal – Active Directory Login help.

I have that configured per the link you provided.

I'm still recieving the following error, "Sponsor authentication has failed :  Sponsorgroup not found for user"

I have an authorization policy setup however I don't think it's even making it that far.

Thanks,
Pete

Cisco Employee

Re: Cisco ISE Sponsor Portal – Active Directory Login help.

Do you see in the authentiaction details which AD groups were retrieved?

One suggestion. I see that the name you have given to the AD store is AD_washcty.local. May be worth trying a name that does not include a '.' character

New Member

Re: Cisco ISE Sponsor Portal – Active Directory Login help.

Does this screen cap help?  There is no Identity Group associated with the login request.

We've used 'AD_washcty.local' with all our other AD based authentication on ISE without issue.

Thanks again,

Pete

Cisco ISE Sponsor Portal – Active Directory Login help.

Pete,

That is interesting. Can you can post a screenshot of the "memberOf" section of this user account in Active Directory?

You can go to the AD settings in ISE to see which domain controller this ISE node is connected to. Also is this ISE node a standalone deployment?

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Cisco ISE Sponsor Portal – Active Directory Login help.

Hi jrabinow

we have the same problem and I did have "local.dir" as AD identity store name. I changed this do something else without a dot (.), but it didn't work too.

Regards

Dominic

New Member

Cisco ISE Sponsor Portal – Active Directory Login help.

Can you post a screen cap of the Sponsors Group Policy Page?

New Member

Cisco ISE Sponsor Portal – Active Directory Login help.

Hi Pete

offcourse, here we go:

Best regards

Dominic

New Member

Cisco ISE Sponsor Portal – Active Directory Login help.

Ok -  Under Settings->Sponsor->Authentication Source

What is the Identity Store Sequence set to?

5331
Views
15
Helpful
28
Replies