09-11-2015 08:50 AM - edited 03-10-2019 11:02 PM
All
My company recently acquired another company.
Each company has its own domain and controllers.
The Problem:
Executives from the acquired company occasionally come to the main site for meetings using their own laptops
configured for their own domains. This has caused authentication issues with wireless on Windows 7 machines.
The domain account, when logging in, is forcing the sending of the domain username and password and the foreign domain.
The need:
We need to somehow add the foreign domain as an authentication source on the local ACS so that the attempted authentication with our wireless controllers is allowed.
Please provide guidance on how this could be accomplished.
09-11-2015 01:26 PM
Hello Steve,
Regarding the behavior you are facing with ACS when trying to authenticate users against the foreign domain: it is totally expected, and you will only be able to authenticate by entering the username and domain name.
The only option to join the ACS to a foreign domain is by configuring LDAP; that way you will be able to join the ACS directly with that domain. However, there are several limitations on the protocols supported when using LDAP, as you can see at the following link, so you might want to see whether it would be an available option for you depending on which protocol you are using (which I assume is PEAP/MSCHAPv2, as you mentioned that users have to enter credentials, so if that is the case it will not work for you):
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/user/guide/acsuserguide/eap_pap_phase.html#pgfId-1014889
Extracted from link:
Table B-4 Non-EAP Authentication Protocol and User Database Compatibility
Table B-5 specifies EAP authentication protocol support.
Note: Please mark it as answered if applicable.
09-16-2015 07:50 AM
Ivangonz
Thank you for the response.