Thursday, June 24, 2021

Cisco ISE - iOS PEAP Authentication Invalid Credentials and AD lockouts

We have a wireless network that uses ISE for PEAP authentication (username/password). We started receiving reports of AD account lockouts for a few users. After digging into it, we found that ISE was showing that the clients entered invalid passwords. This is where it gets weird... We worked with the users to ensure they had the proper passwords. It seems that iOS devices specifically are having an issue where they are able to connect successfully initially, but after some time the phones start sending invalid credentials. The phones will keep trying to authenticate, and it eventually leads to a lockout in AD. Has anyone seen this type of issue specifically related to ISE, iOS, and PEAP?

EDIT: At this point I don't think the phones have invalid credentials stored; it almost looks as if they are abandoning their PEAP sessions, which is causing the invalid password to trigger.
