ACS and two Windows Active Directory Domains

Unanswered Question
Jan 28th, 2009

Can one ACS server authenticate users against two different AD domains? The server is a member server of one domain. We are not able to enumerate the groups from the second domain. There is a two-way trust between the domains.

Ivan Martinon (Cisco Employee) Mon, 02/02/2009 - 17:59

Is there a 2-way trust with the two domains? Have you checked that the user that ACS uses to read and query the domains lies on both domains and has read privileges?

frbilbrey Thu, 03/05/2009 - 15:43

We authenticate multiple domains like this. We have a proxy domain that contains the ACS remote agents. The proxy domain trusts the domains to be authenticated against. In ACS you will be able to see all of the domains that the proxy trusts. When you go about mapping domain groups to ACS groups, you have to manually add the group name. ACS can enumerate the group to authenticate users, but ACS cannot seem to traverse multiple domains during the setup phase. Hope this helps.

Bob

aneelaka Fri, 03/06/2009 - 15:12

Are the users in multiple groups in the multiple domains? If so, mapping should be done differently than you would if users were in a single group, so that users are properly mapped to a group.
