cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

8748
Views
14
Helpful
10
Replies

Multiple domains authentication on Cisco ISE

Hi,

Does the current Cisco ISE supports for authenticating on multiple Active Directories ?

I can only set Cisco ISE to join on single active directory and LDAP

Does anyone have set Cisco ISE to support EAP-FAST with WPAD or PAC provisioning ?

Thanks

Pongsatorn

Everyone's tags (1)
10 REPLIES 10
Highlighted
Advocate

Re: Multiple domains authentication on Cisco ISE

Currently the ise doesn't support multiple domain membership but hat is coming soon.

Sent from Cisco Technical Support iPad App

Tarik Admani
*Please rate helpful posts*
Highlighted
Beginner

Hi,We are into a situation

Hi,

We are into a situation where we need to authenticate users of two domains and these two domains are completely independent (no common DNS server). ISE is not able to resolve one of the domain using the DNS server settings and Adding a host entry for the domain name is not sufficient since Kerberos, GC and LDAP SRVs need to be resolvable as well.

From what I know ISE 1.3 should supports disjointed domains and there is no requirement for ISE to have 2 way trust relationship with domains.

Please share your experience if someone has faced similar situation before.

 

Regards,

Akhtar

Highlighted
Rising star

Ahktar> You will need to have

Ahktar> You will need to have a forwarder set for the second domain on your own DNS server, so ISE knows what DNS server to ask about that domain. ISE 1.3 supports multiple seperate domains, but not DNS servers set per domain.

Highlighted
Cisco Employee

Re: Multiple domains authentication on Cisco ISE

Cisco ISE supports multidomain forests. Cisco ISE  connects to a single domain, but can access resources from the other  domains in the Active Directory forest if trust relationships are  established between the domain to which Cisco ISE is connected and the  other domains.

Highlighted

Hi all, It's now 2 years

Hi all,

 

It's now 2 years later, is there any change on this or is it still 1 AD?

Highlighted
Enthusiast

This functionality is

This functionality is expected in cisco ISE 1.3 which is exptected to be released later this summer

Highlighted
Cisco Employee

Currently, ISE 1.2 supports

Currently, ISE 1.2 supports authentications across multiple AD Domains through Domain Trust Relationships.

ISE 1.3, which is tentatively scheduled for release around the end of July, will incorporate Multiple AD Forest support.

 

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

Highlighted

Ok, so if I read this

Ok, so if I read this correctly, I can still add only 1 Domain/Forrest but if that domain has a trust towards another domain, I can authenticate users from that domain.

Highlighted
Beginner

Guys,Is there any

Guys,

Is there any configuration documentation for Cisco ISE Authentication for Multiple Active Directoris with trush relationship between domain (not use LDAP because when use LDAP, Cisco ISE don't support MS-Chap & i try not to use Cisco Anyconnect)

 

BR

 

Highlighted
Participant

Attached is the step by step

Attached is the step by step configuration of multiple AD integration wit the ISE.