ACS two different domains - WLAN Authentication

markus.fuchs · ‎01-16-2014

Hi Cisco Community,

I have a question regarding support Cisco ACS and two AD Domains. I have found a few interesting discussion, but none answered my questions directly.

We are using the ACS (version 5.3 at the moment) to authenticate our NB to logon to the internal WLAN. At the moment we plan to migrate all user to a complete new AD domain, it's a new forest and a trust exists to from the old to the new one.

The ACS is "joined" to the old one. I understand it has something to do with MSCHAPV2 or not?

Will this work? What would be the best approach to this?

Thank you for your support.

Markus

edwjames · ‎01-16-2014

Markus,

If its a two way trust, it will work.

IMP: you need to use suffix or prefix for the other domain users that the ACS is not connected to.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed

markus.fuchs · ‎01-22-2014

Hi Edward,

thank you for your answer. What do you mean exactly with "suffix or prefix" of the domain users? I did put the "test OU" of the new domain into the ACS config and plan to do a test of a migrated client in the next few days and let you know.

Thank you

edwjames · ‎01-22-2014

CISCO/edward (prefix)

edward@cisco.com (Suffix)

I hope this helps, btw, cisco is the domain.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed