We have set up a Cisco Identity Services Engine to manage WLAN access for our users. Access should be granted to users from a specific Windows Active Directory group. This works fine for users having a username consisting only of ASCII letters. However, user names having e.g. an umlaut fail. The live authentication log shows an error "22056 Subject not found in the applicable identity store(s)".

Any idea what could be wrong? (And, no, renaming all non-ASCII users is not an option)

Hagen von Eitzen
  • As the work-around of renaming the users is not an option -- and I agree it is not ideal... This is a case where you would likely be served best by contacting Cisco support directly. – jscott Jan 03 '13 at 12:25
  • I was afraid it might as well be a Windows AD issue, so I wanted to take a start at a "neutral" forum. :) – Hagen von Eitzen Jan 03 '13 at 12:49
  • We've AD users with non-ASCII chars (é is popular) that work great until you're connecting with 3rd party systems. – jscott Jan 03 '13 at 13:04
  • @jscott Yeah, but in my experience everything is correct at least via LDAP protocol ... – Hagen von Eitzen Jan 03 '13 at 13:06
  • Yes, it's not a problem with the protocol... It always seems to be issues with the application implementation on the "other" side. – jscott Jan 03 '13 at 13:08

1 Answer

The solution is surprisingly simple: Users with umlauts in their name automatically can log in with their usual login name with umlauts replaced (e.g. "Müller" becomes "Muller"). So renaming users in AD is not necessary, they just have to be informed to type the modified username in the WLAN login. (They could also do the same in any normal Windows login, which may come in handy when they need to do a remote login from abroad where they don't have umlauts available on the keyboard).

Hagen von Eitzen
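A helper for the "inform the users" step in the answer above, as an added example that is not part of the original post: it derives the login to type for each account, assuming the replacement is simply the base letter with the diacritic dropped (as in "Müller" becoming "Muller"). It also flags characters that have no base letter and accounts whose folded names would collide; the function names and account names are constructed for illustration.

```python
import unicodedata
from collections import defaultdict

def fold_login(name):
    """Drop diacritics from a login name.

    Returns (folded, unresolved), where unresolved lists non-ASCII
    characters that do not decompose to an ASCII base letter.
    """
    out, unresolved = [], []
    for ch in name:
        decomposed = unicodedata.normalize("NFD", ch)
        base = "".join(c for c in decomposed if not unicodedata.combining(c))
        if base.isascii():
            out.append(base)       # e.g. "ü" -> "u"; a bare combining mark -> ""
        else:
            out.append(ch)         # e.g. "ß", "ø": the rule on the page does not cover these
            unresolved.append(ch)
    return "".join(out), unresolved

def login_report(usernames):
    """Build the list of users to notify and find folded-name collisions."""
    notify, by_folded = [], defaultdict(list)
    for name in usernames:
        folded, unresolved = fold_login(name)
        by_folded[folded.lower()].append(name)
        if not name.isascii():
            notify.append({
                "account": name,
                # None means: do not tell the user anything without testing first
                "type_instead": None if unresolved else folded,
                "unresolved": unresolved,
            })
    # Two accounts that fold to the same string would be ambiguous at login
    collisions = {k: v for k, v in by_folded.items() if len(v) > 1}
    return notify, collisions

# Constructed sample data, not taken from any real directory
SAMPLE_ACCOUNTS = ["hmüller", "hmuller", "jgrün", "aweiß", "bjørn", "csmith"]

if __name__ == "__main__":
    notify, collisions = login_report(SAMPLE_ACCOUNTS)
    for row in notify:
        print(row)
    print("collisions:", collisions)
```

Accounts reported with `type_instead` set to `None` contain characters outside the umlaut case described in the answer, so their behaviour should be checked against the identity store before users are told what to type.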