ACS SE multiple windows databases

Answered Question
Nov 16th, 2009
User Badges:

Hi there


is it possible to have multiple windows databases on an ACS SE? The problem is, that we need access to two differen domains, that are not trusted and have no super domain.


Thanks a lot and best regards

Dominic

Correct Answer by Jagdeep Gambhir about 7 years 6 months ago

Hi,


We would require two way external/transitive trust between the two domains.


There are 2 ways to work around our problem:


1. Install another ACS at the remote site/domain and forward all the

requests for the users of remote domain to that ACS.


2. Configure partner domain as LDAP on the ACS (at corp site), this should not require domain trust. The only problem we will have certain authentication methods will not be supported when using ldap.


Here is the complete list of stuff which is supported with LDAP:


http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server​_for_windows/4.1/user/Overvw.html#wp824733​


Hope that helps!


Regards,

~JG


Do rate helpful posts

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jagdeep Gambhir Mon, 11/16/2009 - 08:49
User Badges:
  • Red, 2250 points or more

Hi,


We would require two way external/transitive trust between the two domains.


There are 2 ways to work around our problem:


1. Install another ACS at the remote site/domain and forward all the

requests for the users of remote domain to that ACS.


2. Configure partner domain as LDAP on the ACS (at corp site), this should not require domain trust. The only problem we will have certain authentication methods will not be supported when using ldap.


Here is the complete list of stuff which is supported with LDAP:


http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server​_for_windows/4.1/user/Overvw.html#wp824733​


Hope that helps!


Regards,

~JG


Do rate helpful posts

Dominic Stalder Mon, 11/16/2009 - 09:20
User Badges:

Hi JG


thanks for your feedback. We now installed two more ACS' on virtual machines and forward all the domain.xx suffix requests to the remote domain.


Regards

Dominic

Actions

This Discussion