ISE 1.1.1 connected to Active Directory for both Radius auth and Administration auth. I have an internal monitor account and the default internal admin account. When I go to Administration > Admin Access > Authentication > Password Policy and attempt to make any changes I receive the following error:
Error occurred: Unable to save configuration details. Authentication settings could not be saved since the currently configured external source is referred in one or more admin groups.
I assume the error is in regard to using AD to auth an admin group, but I'm not sure why it would interfere with the local password policy of internal users. The AD connected admin group is a new admin group and not from a default existing group.
If you have configured an external identity source such as LDAP and want to use that as your authentication source to grant access to the admin user, you must select that particular identity source from the Identity Source list box. Also please check the LDAP port.
Every Cisco ISE administrator account is assigned one or more administrative roles. To perform the operations described in the following procedure, you must have any one of the following roles assigned: RBAC Admin, Super Admin, or System Admin.
For more information, this link would be helpful to you:
The workaround is to ensure your local admin account is enabled. Log in with the internal admin account. Then, under your Admin Groups, change your external group to be an internal-only group. You can then change your password policy and save it. Finally, enable your external admin group.
This is fixed in 1.2
Also, I've searched through the bug list and can't find any reference to this, but was told these instructions by TAC.