06-10-2009 10:33 AM - edited 03-10-2019 04:32 PM
Hello All -
Is there a way for Cisco ACS v 4.1 to authenticate users in different AD domains without having a trust relationship between the different domains?
Any help will be appreciated!
06-10-2009 10:36 AM
Yes, just configure as normal and add each domain.
06-10-2009 10:46 AM
Thanks for your prompt response.
Can you elaborate on what you mean by "just configure as normal and add each domain"?
When I go under External User Databases->Database Group Mappings -> Windows Database -> New configuration, I don't see all the domains listed. The only domain listed is the one where ACS is installed.
I can manually specify the other domain name, but will that really work? How will the ACS server know how to reach the other domains with which it does not have a trust relationship?
Thanks!
06-10-2009 11:33 AM
After some digging, apparently we have trusts between the domains. We can just see and add them. According to the documentation, only the domain of which ACS is a member can authenticate users. Indirect trusts will work, remote agent if you're using the appliance, or LDAP, which has some limitations.
06-10-2009 02:09 PM
Hi,
We would require a two-way external/transitive trust between the two domains.
There are 2 ways to work around our problem:
1. Install another ACS at the remote site/domain and forward all the requests for the users of the remote domain to that ACS.
2. Configure the partner domain as LDAP on the ACS (at the corp site); this should not require a domain trust. The only problem we will have is that certain authentication methods will not be supported when using LDAP.
Here is the complete list of stuff which is supported with LDAP:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/Overvw.html#wp824733
Hope that helps!
Regards,
~JG
Do rate helpful posts