Re: ACS4.2 Windows authentication to other trusted domain

per_2 · ‎06-07-2011

I'm installing ACS4.2 in our lab domain and want to leverage the corporate domain for authentication. The one way trust is in place, but there is a facet that I'm not clear on in regards to the installation requirement.

I'd like to install ACS on a lab domain member server, but I'm not sure that will work. The installation docs seem to imply that a member server must be in the same domain as the authentication server, but its not very clear.

So the quesiton is: if I want to use the one way trust to the Corporate Domain, am I required to install ACS on the domain controller of the Lab Domain?

Thanks in advance.

Per

andamani · ‎06-12-2011

Hi,

As far as i understand a two way trust is a requirement with ACS.

Regards,

Anisha

P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.

per_2 · ‎06-12-2011

Anisha-

Additional searching revealed this:

Grant Dialin Permission to User

CSCdp01784

To use the Grant Dialin Permission to User feature, a two-way trust relationship must be established between the remote Windows NT domain and the CiscoSecure ACS for Windows NT server. This is a Windows NT issue. There is no workaround.

I'm not concerned about using the "Grant Dialin Permission to User". Rather I'm looking to simply authenticate. Can you positively confirm that a two-way trust is required?

per_2 · ‎08-31-2011

I have ACS4.2 installed and working on a "lab" domain member server (not domain controller). The lab has a one-way trust to the corporate domain and everything works just fine.