Identity-management shows only a few users and hostnames per stack - how to make it show them all?


Userlevel 4
Hello, everybody!

I have a stack of 5 Summit X460-48t where identity-management was enabled yesterday. Almost all the ports are enabled and client PCs (Windows, domain members) are connected to them. In about 12 hours I got approximately 30 entries (please see the attached .jpg); however, most of the ports are still "unauthenticated".

Is there any way to see the Windows username and hostname of the active PC attached to the port? Now I see only domain, hostname, IP and MAC. But why do I see just a few of them? There are about 250 ports total in the stack!

Please share your ideas about the issue.

Many thanks in advance,

Ilya


4 replies

Userlevel 3
Hi Ilya,

Do you see the information you are looking for if you enter the command "show identity-management entries detail"?

From the CLI reference guide:
The displayed Domain Name is displayed only if the client is discovered through Kerberos snooping or Dot1x and the domain name is supplied in the form of domain\user. The NetBIOS hostname is only displayed if this information was present in the Kerberos packets.

Regards
Tony
Userlevel 4
Hello, Tony!

Thank you for the reply. It's very inconvenient to get info from ~240 ports with the "show identity-management entries detail" command because of the huge output; the lines from "show identity-management entries" are much better, they are just compact.

At the moment, I've partially solved the problem by adding the IPs of all Active Directory DCs. Now there are about a hundred ports per stack for which I can see IP, MAC, domain and hostname.

One strange thing remains: of a hundred authenticated hosts, only a few have an accountName. I mean, for most ports I see IP, MAC, domain name and hostname, but only very rarely usernames like DOMAIN\username.

A question has come up: can I bring the collected data into Netsight\OneView? It would be better to work with this data in a browser...

Thank you very much!
Userlevel 3
Ilya,

You're welcome. I assume you may be able to get this information in a Flexview in OneView. However, I don't know how to do that. Maybe another forum user may be able to help with that.

Regards
Tony
Userlevel 4
I've found the solution - https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-use-EXOS-and-IDM-to-see-end-systems...
