ACS 5.4 AD authentication (cross forest)

cmarva
Level 4
Level 4

Just implemented new 5.4 ACSs, soft appliances. This is an upgrade from 4.1 appliances.

We are seeing a problem with cross forest authentication (RADIUS). I have searched through the forums and did find a number of posts with similar situations. Thus far nothing has resolved this problem. I do believe it is completely within AD, as I can see from the AAA reports that the auth request is following the sequence and fails with the "subject not found in identity store" message.

The AD team says that the trust is 2-way, and they reconfigured it as an external trust, although I don't know if they disabled SID filtering as per some of the forum posts. The domain that the ACSs are joined to (domain A) is 2008 R2 functional, and the trusted domain (domain B) is 2003 functional. Users in domain A authenticate whether or not the domain is present with the username. Users in domain B fail with the above message.

My questions are:

1. Will enabling adclient debugging provide any info that is more insightful, i.e. where in the AD trust this is failing? I'd like to try and provide as much info as I can to our AD team.

2. All else failing, would configuring LDAP to authenticate users in domain B be a viable option?

The forum posts have been helpful, and have given some direction, and I'll continue to dig around.

I have submitted a ticket to apply patch 1 this weekend.

Thanks for any pointers - chris

1 Reply

cmarva
Level 4
Level 4

OK, I guess I answered my own question. Yep, there is a lot of good stuff in the adclient debug.

Hopefully this will get things resolved for us.

chris