Re: ACS 4.2 multiple AD domain authentication

jeremys8137 · ‎02-04-2013

I have acs 4.2 for windows installed on a windows server 2003 box, because of a merger I need to now authenticate against 2 different domains, there is a bidirectional trust between the two domains and the dial-in permission has been set in ADUC but whenever I try to authenticate a user it says dial-in permissions needed in the acs failed authentication log. I think it's an AD issue but i can't know for sure as i'm not a windows guy, any suggestions?

kcnajaf · ‎02-05-2013

Hi Jeremy,

The 2003 box where you have installed ACS, is this server part of both domains which you wanted the users to be autheticated?

Have you enabled the dial in permission on the ACS as well as per the screenshot below?

Regards

Najaf

Please rate when applicable or helpful !!!

jeremys8137 · ‎02-05-2013

Najaf,

On the login screen for the server it has both domains in the drop down menu so I believe it is, and yes I have enabled the dial-in permissions check box under the database configuration screen

kcnajaf · ‎02-05-2013

Hi Jeremy,

In that case this should work...Do you have trouble with both domain or only with the new domain you are seeing these login failed message?

Which client software are you using? Is that using single sign on or your manually entereing the login credentials for authentication?

Regards

Najaf

Please rate when applicable or helpful !!!

jeremys8137 · ‎02-05-2013

I spoke with cisco tac and they were able to get this working for me. The fix was to add the second domain to the tcp/ip ipv4 advanced settings on the nic of the server.

Under Network Connections - local area connection - properties - Internet Protocol Version 4 - properties - general - advanced - dns

select the radio button for append these dns suffixes (in order ) and add the domains that you want to authenticate against

kcnajaf · ‎02-05-2013

Hi Jeremy,

Glad to hear that you have got a fix for the same now.

Regards

Najaf