Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS and two Windows Active Directory Domains

Can one ACS server authenticate users against two different AD domains? The server is a member server of one domain. We are not able to enumerate the groups from the second domain. There is a two way trust between the domains.

3 REPLIES

Re: ACS and two Windows Active Directory Domains

Is there a 2 way trust with the two domains, have you checked that the user that ACS uses to read and query the Domains lies on both domains and has read privileges?

New Member

Re: ACS and two Windows Active Directory Domains

We authenticate multiple domains like this, We have a proxy domain that contains the acs remote agents. The proxy domain trusts the domains to be authenticated against. In ACS you will be able to see all of the domains that the proxy trusts. When you go about mapping domain groups to acs groups you have to manually add the group name. ACS can enumerate the group to authenticate users, but ACS cannot seem to traverse multiple domains during the setup phase. Hope this helps.

Bob

New Member

Re: ACS and two Windows Active Directory Domains

are the users in multiple groups in the multiple domains, if so mapping should be done differently than you would if users were in a single group so that users are properly mapped to a group

294
Views
0
Helpful
3
Replies
CreatePlease to create content