Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
773
Views
0
Helpful
5
Replies

ACS 4.2 multiple AD domain authentication

jeremys8137
Level 1
Level 1

‎02-04-2013 02:36 PM - edited ‎03-10-2019 08:03 PM

I have acs 4.2 for windows installed on a windows server 2003 box, because of a merger I need to now authenticate against 2 different domains, there is a bidirectional trust between the two domains and the dial-in permission has been set in ADUC but whenever I try to authenticate a user it says dial-in permissions needed in the acs failed authentication log. I think it's an AD issue but i can't know for sure as i'm not a windows guy, any suggestions?

Labels:
0 Helpful
5 Replies 5

kcnajaf
Level 7
Level 7

‎02-05-2013 04:47 AM

Hi Jeremy,

The 2003 box where you have installed ACS, is this server part of both domains which you wanted the users to be autheticated?

Have you enabled the dial in permission on the ACS as well as per the screenshot below?

           

Regards

Najaf

Please rate when applicable or helpful !!!

0 Helpful

jeremys8137
Level 1
Level 1
In response to kcnajaf

‎02-05-2013 06:49 AM

Najaf,

On the login screen for the server it has both domains in the drop down menu so I believe it is, and yes I have enabled the dial-in permissions check box under the database configuration screen

0 Helpful

kcnajaf
Level 7
Level 7
In response to jeremys8137

‎02-05-2013 08:13 PM

Hi Jeremy,

In that case this should work...Do you have trouble with both domain or only with the new domain you are seeing these login failed message?

Which client software are you using? Is that using single sign on or your manually entereing the login credentials for authentication?

Regards

Najaf

Please rate when applicable or helpful !!!

0 Helpful

jeremys8137
Level 1
Level 1
In response to kcnajaf

‎02-05-2013 09:08 PM

I spoke with cisco tac and they were able to get this working for me. The fix was to add the second domain to the tcp/ip ipv4 advanced settings on the nic of the server.

Under Network Connections - local area connection - properties - Internet Protocol Version 4 - properties - general - advanced - dns

select the radio button for append these dns suffixes (in order ) and add the domains that you want to authenticate against

0 Helpful

kcnajaf
Level 7
Level 7
In response to jeremys8137

‎02-05-2013 09:59 PM

Hi Jeremy,

Glad to hear that you have got a fix for the same now.

Regards

Najaf

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents