ACS 4.2 - AD Cross Forest Authentication

01-20-2010 10:32 PM - edited 03-10-2019 04:53 PM
I have a requirement to authenticate wireless users who are members of a separate AD forest. The domain administrators have assured me that a two-way transitive trust is in place between the forests. I am having problems mapping groups from the new domain to ACS groups; it "Fails to enumerate the windows groups, please check installation documentation". I have checked and double-checked our installation against the instructions and I don't think I have missed anything on that count.
I have run some packet captures of network traffic during ACS services startup, as well as when attempting to map groups, and there is no traffic to domain controllers in the other domain / forest. Is this expected? Is this supposed to be handled by the local domain?
Any further diagnosis tips, or things to try to pinpoint where I have gone wrong?
Thanks,
Michael
Labels: AAA
02-03-2010 02:39 AM
Maybe I have the same problem.
My question is: must the relationship between domain controllers be two-way transitive, or can it be configured in another way?
In other words, does ACS require a two-way transitive trust relationship?
Bye,
Luca
