
ACS 5.2 Multiple Active Directory Support

dumlutimuralp
Level 1

Hi,

I couldn't seem to find a way to add multiple DCs to Cisco ACS 5.2. All it requires in the ACS GUI is to input the Domain Name? Are we limited to adding the root DC/forest?

I am not a Microsoft Expert ...

I also couldn't figure out how ACS finds the DC through this simple input. Is it DNS aided?

Comments are appreciated.

Dumlu

Accepted Solutions

Shaik Zubair
Level 1

ACS 5 can be joined only to a single domain as of now. When ACS is joined to a domain, ACS can authenticate any user that belongs to that domain from any domain controller in that domain. It relies on DNS resolution to find the appropriate domain controller.

I believe what you're looking for is multi-domain authentication. If you want to perform this, then you should have a bidirectional trust between the ACS immediate domain (the domain of which ACS is a part) and the other domains. The ACS will send the authentication to one of the domain controllers in its domain, and this will then be forwarded to the other domain. It could be either a child or a parallel domain, but it needs to have a 2-way trust between them.

Another way you could opt for is to configure 2 separate domain controllers from different domains as LDAP servers. In this case we do not need any 2-way trust, and you can separately authenticate requests from each domain.


2 Replies

Shaik,

Thank you. Appreciate it.