ACS 4.2 - AD Cross Forest Authentication

Unanswered Question
Jan 20th, 2010

I have a requirement to authenticate wireless users who are members of a separate AD forest. The domain administrators have assured me that a two-way transitive trust is in place between the forests. I am having problems mapping groups from the new domain to ACS groups: it "Fails to enumerate the windows groups, please check installation documentation". I have checked and double checked our installation against the instructions and I don't think I have missed anything on that count.

I have run some packet captures of network traffic during ACS services startup, as well as when attempting to map groups, and there is no traffic to domain controllers in the other domain / forest. Is this expected? Is this supposed to be handled by the local domain?

Any further diagnosis tips, or things to try to pinpoint where I have gone wrong?


tech-intercom Wed, 02/03/2010 - 02:39

Maybe I have the same problem.

My question is: must the relationship between domain controllers be two-way transitive, or can it be configured in another way?

In other words, does ACS require a two-way transitive trust relationship?



