
Cisco ISE Detected Host Lookup problem

alik_prochazka
Level 1

Hi,

I have a problem. Sometimes it happens that, when a PC was authenticated by dot1x, after some time the event "Detected Host Lookup UseCase (Service-Type = Call Check (10))" is invoked and it then falls to MAB. After this event is called, the station logs on to AD using the MAC address. Correctly it must be by AD user name.

I use the Cisco AnyConnect supplicant.

My ID store is Active Directory.


Thanks

 

11001 Received RADIUS Access-Request
  11017 RADIUS created a new session
  11027 Detected Host Lookup UseCase (Service-Type = Call Check (10))
  15049 Evaluating Policy Group
  15008 Evaluating Service Selection Policy
  15048 Queried PIP
  15048 Queried PIP
  15004 Matched rule
  15048 Queried PIP
  15048 Queried PIP
  15004 Matched rule
  15041 Evaluating Identity Policy
  15006 Matched Default Rule
  15013 Selected Identity Source -
  24432 Looking up user in Active Directory - 28:D2:44:64:DA:87
  24412 User not found in Active Directory
  24210 Looking up User in Internal Users IDStore - 28:D2:44:64:DA:87
  24216 The user is not found in the internal users identity store
  24631 Looking up User in Internal Guests IDStore
  24633 The user is not found in the internal guests identity store
  22016 Identity sequence completed iterating the IDStores
  22056 Subject not found in the applicable identity store(s)
  22058 The advanced option that is configured for an unknown user is used
  22060 The 'Continue' advanced option is configured in case of a failed authentication request
 
4 Replies

franklinb
Level 1

I have a similar problem but we use the native Windows supplicant, and ISE 1.2 with AD objects.

 

The machine authenticates fine when it wants to. I checked the logs and found it had failed 80-90% of attempts over the weekend.

 

Is this a timeout issue? The machine is apparently quite a mess so could potentially be responding too slowly to auth attempts.

Switch in question is a 3750G/3750E mixed stack

 

11001 Received RADIUS Access-Request
11017 RADIUS created a new session
11027 Detected Host Lookup UseCase (Service-Type = Call Check (10))
15049 Evaluating Policy Group
15008 Evaluating Service Selection Policy
15048 Queried PIP
15048 Queried PIP
15048 Queried PIP
15004 Matched rule
15041 Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Source - Internal Endpoints
24209 Looking up Endpoint in Internal Endpoints IDStore - D0:67:E5:xx:xx:xx
24211 Found Endpoint in Internal Endpoints IDStore
22037 Authentication Passed
15036 Evaluating Authorization Policy
15048 Queried PIP
15048 Queried PIP
15048 Queried PIP
15048 Queried PIP
15048 Queried PIP
15004 Matched rule - Default
15016 Selected Authorization Profile - DenyAccess
15039 Rejected per authorization profile
11003 Returned RADIUS Access-Reject

Hi franklinb,

 

I have this problem only on Catalyst 2960-C switches, and you?

No - for me it's on a stack of 3750G's

alik_prochazka
Level 1

My problem was fixed. I downgraded IOS from 15.2 to 15.0 and added the commands radius-server vsa send accounting and radius-server vsa send authentication. When I added these commands on the 2960-C (IOS 15.2) and looked at "sh run", the commands weren't there.
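
One way to triage step lists like the ones posted in this thread (an added example, not code from any poster or from Cisco): it parses an ISE step list in either spacing form and flags attempts where step 11027 (Host Lookup, the MAB path) was taken and a MAC address was looked up as the identity. The function names are hypothetical, and the sample logs and MAC addresses are constructed.

```python
import re

# Step codes used below are the ones visible in the logs posted in this thread.
STEP_RE = re.compile(r"^\s*(\d{5})\s*(\S.*?)\s*$")
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")

def parse_steps(text):
    """Parse a step list into (code, message) pairs.
    Accepts '11001 Received ...' and the fused '11001Received ...' form."""
    return [m.groups() for m in map(STEP_RE.match, text.splitlines()) if m]

def summarize(text):
    """Summarize one authentication attempt from its step list."""
    out = {"host_lookup": False, "lookup_identity": None,
           "authz_profile": None, "result": "unknown"}
    for code, msg in parse_steps(text):
        if code == "11027":                        # Detected Host Lookup UseCase
            out["host_lookup"] = True
        elif code in ("24432", "24210", "24209"):  # identity store lookups
            mac = MAC_RE.search(msg)
            if mac:
                out["lookup_identity"] = mac.group(0)
        elif code == "15016":                      # Selected Authorization Profile
            out["authz_profile"] = msg.rsplit(" - ", 1)[-1]
        elif code == "22056":                      # Subject not found
            out["result"] = "subject-not-found"
        elif code == "22037":                      # Authentication Passed
            out["result"] = "authentication-passed"
        elif code == "11003":                      # Returned RADIUS Access-Reject
            out["result"] = "access-reject"        # later steps override earlier ones
    return out

def needs_review(summary):
    """True when the request took the Host Lookup path with a MAC as the identity."""
    return summary["host_lookup"] and summary["lookup_identity"] is not None

# Constructed samples modeled on the two log styles in the thread.
SAMPLE_SPACED = """11001 Received RADIUS Access-Request
  11027 Detected Host Lookup UseCase (Service-Type = Call Check (10))
  24432 Looking up user in Active Directory - 00:00:5E:00:53:01
  24412 User not found in Active Directory
  22056 Subject not found in the applicable identity store(s)"""
SAMPLE_FUSED = """ 11001Received RADIUS Access-Request
 11027Detected Host Lookup UseCase (Service-Type = Call Check (10))
 24209Looking up Endpoint in Internal Endpoints IDStore - 00:00:5E:00:53:02
 22037Authentication Passed
 15016Selected Authorization Profile - DenyAccess
 11003Returned RADIUS Access-Reject"""

if __name__ == "__main__":
    for sample in (SAMPLE_SPACED, SAMPLE_FUSED):
        s = summarize(sample)
        print(s, "REVIEW" if needs_review(s) else "ok")
```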

 
