Cisco Support Community

New Member

ACS 5.5 joined to multiple AD domains

Hi All,

I am currently doing EAP-TLS for user and machine authentication for my wireless clients.

Due to changes, my users are now in one AD domain whilst machines are members of another AD domain.

Is it possible for ACS 5.5 to be a member of multiple domains so that EAP-TLS can still function?

Authenticate machines in AD-1 and users in AD-2.




New Member

ACS 5.5 joined to multiple AD domains

Hi Kashif,

So with closer reading, LDAP integration is what should be used when the external identity stores are two different AD domains that don't trust each other, and if the domains do trust each other, ACS 5.5 now supports multiple AD domain integration?

New Member

ACS 5.5 joined to multiple AD domains

In the end the outgoing and incoming trusts were set up on the two AD domains.

The ACS remained joined to a single domain, but I had to install the root certificate from the other domain as one of the known certificate authorities. After that, machine authentication via EAP-TLS on domain-A worked, and the user authentication on domain-B with "was machine authenticated = True" checked also worked.
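
The certificate half of the fix described in the last post can be reproduced offline. This is an added example, not part of the thread and not ACS configuration: it uses `openssl` as a stand-in for the EAP-TLS server's chain validation, and the CA names, subject names and file names are all constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed stand-ins: two throwaway root CAs play the domain-A and domain-B PKIs.
WORK=$(mktemp -d)

make_ca() {      # $1 = CA name -> $WORK/$1-ca.key, $WORK/$1-ca.pem (self-signed root)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$1 Root CA (constructed)" \
    -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" 2>/dev/null
}

issue_cert() {   # $1 = issuing CA name, $2 = subject CN, $3 = output basename
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$3.key" -out "$WORK/$3.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$3.csr" -days 30 -CAcreateserial \
    -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" -out "$WORK/$3.pem" 2>/dev/null
}

verdict() {      # $1 = trusted-CA bundle, $2 = client cert -> prints accept|reject
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo accept; else echo reject; fi
}

make_ca domain-a
make_ca domain-b
issue_cert domain-a "laptop01.domain-a.test" machine   # machine cert, domain-A
issue_cert domain-b "user1@domain-b.test" user         # user cert, domain-B

# Before: the server trusts only the root of the domain it is joined to.
cp "$WORK/domain-a-ca.pem" "$WORK/trust-before.pem"
# After: the other domain's root is added to the trusted certificate authorities.
cat "$WORK/domain-a-ca.pem" "$WORK/domain-b-ca.pem" > "$WORK/trust-after.pem"

# Show the chain-validation result for each client cert against each trust store.
for store in before after; do
  for cert in machine user; do
    echo "$store: $cert cert -> $(verdict "$WORK/trust-$store.pem" "$WORK/$cert.pem")"
  done
done
```

The user certificate is rejected against the first trust store and accepted against the second, which is the step the root-certificate install addresses; the AD trust and the "was machine authenticated" condition are separate from chain validation and are not modelled here.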