Re: Can ACS authenticate 2 untrusted windows domains?

bfeeny · ‎09-02-2005

I have an ACS Solution Engine 3.3, and it is authenticating a Windows Domain, and this works fine. Its authenticating by using the Remote Agent. As I understand you can have 2 remote agent servers, but they must be from the same domain.

I also understand that you can authenticate to multple domains if there is a trust between them, and this makes sense.

I have a situation however, where I need to authenticate to a second windows domain, and I cannot build a trust between it and the domain that I currently authenticate to using Remote Agent.

It is the same devices that need to authenticate to both domains. My thought was that I could use the proxy director in ACS, to send any requests with suffix "@myotherdomain.com" to a RADIUS server, which would be IAS running on the other windows domain. I don't know why but I could not get this working.

When users would leap authenticate, any presence of a domain listed would send them to the windows remote agent.

Anyone have any ideas on this?

umedryk · ‎09-08-2005

Does it throw some kind of error message also ?

bfeeny · ‎09-08-2005

From what I understand this is doable, I opened a TAC case and they confirmed. I only had so much time on this project, and never was able to actually implement it, but it sounds like as long as the clients aaa lines are using RADIUS, then I should be able to use proxy distribution to send requests to an IAS server in the 2nd domain.

Brian

lxcollin1 · ‎09-27-2005

Hi Brian,

I'm wondering if you were able to get this working? If so, what was the fix? I am looking at a similar scenario.

Thanks!!

Lee

bfeeny · ‎09-27-2005

I never actually implemented it, my time was up on the project so I had to move on. My understanding is that this is doable with proxy director.

Brian