03-14-2012 05:04 AM - edited 07-03-2021 09:47 PM
The users belong to multiple AD domains. If we purchase a WLC 2500 controller, can I have one or more WLANs authenticate to multiple RADIUS servers or AD domains? I thought one WLAN/SSID authenticates to a single RADIUS server. Please advise.
Thanks
Sent from Cisco Technical Support iPhone App
03-14-2012 08:05 PM
Mustafa,
While you can configure multiple RADIUS servers in a ranked list per WLAN, the WLC will only try the currently active RADIUS server for that WLAN unless it is unreachable. If it is reachable and a user does not exist per that RADIUS server's directory lookup, then the WLC will not try another RADIUS server to see if the user exists there.
You need to handle this from the RADIUS server or from the AD. I can think of two ways to solve this problem. There are probably other ways to do it.
Justin
03-21-2012 03:47 PM
Justin
If we create multiple domain trusts, is there a limit? How about if there are more than two domains?
I know, crazy scenario.
What else can be done to simplify the multi-domain AD authentication issue?
Thanks
Sent from Cisco Technical Support iPhone App
03-21-2012 09:10 PM
Mustafa,
Yes, if I remember correctly, you can set up multiple trusts with Active Directory domains at the forest/domain level, e.g., A trusts B, A trusts C, A trusts D, etc. This could add processing and authentication time as your RADIUS server and AD move through several directories to find a match, but who knows, it may be quick as 2008 is considerably more advanced than 2000, when I last touched domain trusts.
Justin
03-31-2012 04:30 PM
Thanks Justin
Sent from Cisco Technical Support iPhone App
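The behaviour described in the replies above, as an added example that is not part of the original thread and not Cisco code: a simplified Python model of the per-WLAN ranked RADIUS list (a reject is final, only an unreachable server causes failover) next to a single RADIUS server whose directory has trusts to other domains. Server names, domains and users are constructed, password checking is omitted, and the ordered walk through trusted domains is an assumption based on the description in the thread.

```python
from dataclasses import dataclass, field

ACCEPT, REJECT, TIMEOUT = "Access-Accept", "Access-Reject", "timeout"

@dataclass
class RadiusServer:
    name: str
    home_domain: set                               # users in the server's own AD domain
    trusted: list = field(default_factory=list)    # user sets of trusted domains, in order
    reachable: bool = True

    def authenticate(self, user):
        """Return (result, number of directories searched)."""
        if not self.reachable:
            return TIMEOUT, 0
        # Assumption: home domain is searched first, then each trusted domain in turn.
        for searched, directory in enumerate([self.home_domain, *self.trusted], start=1):
            if user in directory:
                return ACCEPT, searched
        return REJECT, 1 + len(self.trusted)

def wlc_authenticate(ranked_servers, user):
    """Model of the WLAN's ranked list: fail over only when a server does not answer."""
    for server in ranked_servers:
        result, searched = server.authenticate(user)
        if result != TIMEOUT:
            # Any answer, including Access-Reject, ends the attempt for this client.
            return server.name, result, searched
    return None, TIMEOUT, 0

# Constructed sample directories for three AD domains.
DOMAIN_A, DOMAIN_B, DOMAIN_C = {"alice"}, {"bob"}, {"carol"}

def demo():
    srv_a = RadiusServer("radius-a", DOMAIN_A)
    srv_b = RadiusServer("radius-b", DOMAIN_B)
    srv_a_down = RadiusServer("radius-a", DOMAIN_A, reachable=False)
    srv_trust = RadiusServer("radius-a", DOMAIN_A, trusted=[DOMAIN_B, DOMAIN_C])
    return {
        # bob exists only behind radius-b, but radius-a answers first with a reject.
        "two_servers": wlc_authenticate([srv_a, srv_b], "bob"),
        # radius-b is consulted only because radius-a does not respond.
        "primary_down": wlc_authenticate([srv_a_down, srv_b], "bob"),
        # One server with trusts finds users of other domains, at the cost of more lookups.
        "trust_bob": wlc_authenticate([srv_trust], "bob"),
        "trust_carol": wlc_authenticate([srv_trust], "carol"),
        "trust_unknown": wlc_authenticate([srv_trust], "mallory"),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:14} {outcome}")
```
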