I'm trying to let Cisco ISE 2.1.3 authenticate users via EAP-PEAP with MSCHAPv2 against eDirectory 8.8.8.9.
So I setup a UP policy with "Allow Admin to retrieve password" set to "yes" according to
https://www.novell.com/support/kb/doc.php?id=3009668

Another suggestion (in the Aruba community) was to add the "nspmPassword" attribute to the authentication source.
(https://community.arubanetworks.com/.../278119#M28194)

Unfortunately I cannot find a way to instruct the ISE to use the attribute "nspmPassword" for authentication. It's possible to add the attribute to the attribute list, but not to use it as the primary password attribute.
User auth always fails with RADIUS error "22043 Current Identity Store does not support the authentication method; Skipping it." on the ISE side.

Any suggestions?

Olaf