Cisco ACS 5.3 multiple AD domains

Hello everyone

I do have a quick question about Cisco ACS 5.3 and multi domain authentication. How is it exactly handled?

Can I join more than one domain with the ACS server? Or do I still need to configure that bidirectional trust relationship between those AD forests (even with the ACS 5.3)?

Thanks,

Markus


Accepted Solutions

Re: Cisco ACS 5.3 multiple AD domains

Hi,

You can only join ACS to a single domain. Here is a thread that will help you identify the trust you will need in order to get this working.

https://supportforums.cisco.com/thread/2162234

Thanks,

Tarik Admani

Please rate helpful posts


Cisco ACS 5.3 multiple AD domains

There could be another solution for the problem that the ACS5 can only join one domain: Query your different ADs through LDAP if possible.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni



Cisco ACS 5.3 multiple AD domains

Hello Tarik

Thank you for the quick response. The information in the link is very helpful and I have forwarded this to our Windows AD group.

Regards,

Markus


Cisco ACS 5.3 multiple AD domains

Hello Karsten

Thanks for the hint, but using LDAP to query the AD has some limitations that I cannot work around (if I remember correctly).

Regards,

Markus

Cisco ACS 5.3 multiple AD domains

Markus,

If you are using PEAP-MSCHAPv2 then you cannot use LDAP.

Here is the link when it comes to authentication protocol and database support:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/eap_pap_phase.html#wp1014889

Thanks,

Tarik Admani
*Please rate helpful posts*
