Does the current Cisco ISE support authenticating on multiple Active Directories?
I can only set Cisco ISE to join a single Active Directory and LDAP.
Has anyone set Cisco ISE to support EAP-FAST with WPAD or PAC provisioning?
Currently ISE doesn't support multiple domain membership, but that is coming soon.
We are in a situation where we need to authenticate users of two domains, and these two domains are completely independent (no common DNS server). ISE is not able to resolve one of the domains using the DNS server settings, and adding a host entry for the domain name is not sufficient since Kerberos, GC and LDAP SRVs need to be resolvable as well.
From what I know, ISE 1.3 should support disjointed domains, and there is no requirement for ISE to have a 2-way trust relationship with domains.
Please share your experience if someone has faced a similar situation before.
Ahktar> You will need to have a forwarder set for the second domain on your own DNS server, so ISE knows what DNS server to ask about that domain. ISE 1.3 supports multiple separate domains, but not DNS servers set per domain.
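The forwarder advice above only helps if the DNS server ISE is configured with can then answer the second domain's Kerberos, GC and LDAP SRV queries. As an added example (not from the thread or from Cisco), this Python script checks that from an admin host with `dig` installed; the domain name, DNS server address and function names are assumptions.

```python
import subprocess

# SRV owner names an Active Directory client looks up; the thread names the
# Kerberos, GC and LDAP SRVs. The GC record lives under the forest root domain.
def required_srv_names(domain, forest_root=None):
    forest_root = forest_root or domain
    return [
        f"_ldap._tcp.{domain}",
        f"_kerberos._tcp.{domain}",
        f"_gc._tcp.{forest_root}",
    ]

def parse_dig_short(output):
    """Parse `dig +short SRV` lines of the form 'priority weight port target.'"""
    records = []
    for line in output.splitlines():
        parts = line.split()
        # Skip blank lines, ';;' diagnostics (timeouts) and non-SRV answers.
        if len(parts) != 4 or not all(p.isdigit() for p in parts[:3]):
            continue
        prio, weight, port = map(int, parts[:3])
        records.append((prio, weight, port, parts[3].rstrip(".")))
    return sorted(records)

def dig_srv(name, dns_server):
    """Query one specific DNS server (the one configured on ISE)."""
    result = subprocess.run(
        ["dig", "+short", "+time=3", "+tries=1", f"@{dns_server}", name, "SRV"],
        capture_output=True, text=True, check=False)
    return result.stdout

def unresolved_srv(domain, dns_server, forest_root=None, query=dig_srv):
    """Return the SRV names for which dns_server gives no usable record."""
    return [name for name in required_srv_names(domain, forest_root)
            if not parse_dig_short(query(name, dns_server))]

if __name__ == "__main__":
    # Constructed sample values: placeholder domain and DNS server address.
    missing = unresolved_srv("second.example", "192.0.2.53")
    print("missing SRV records:", missing or "none")
```

An empty result for both domains means the forwarder is doing its job; any name returned is a lookup ISE would also fail when joining or authenticating against that domain.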
Cisco ISE supports multidomain forests. Cisco ISE connects to a single domain, but can access resources from the other domains in the Active Directory forest if trust relationships are established between the domain to which Cisco ISE is connected and the other domains.
Currently, ISE 1.2 supports authentications across multiple AD Domains through Domain Trust Relationships.
ISE 1.3, which is tentatively scheduled for release around the end of July, will incorporate Multiple AD Forest support.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
OK, so if I read this correctly, I can still add only 1 domain/forest, but if that domain has a trust towards another domain, I can authenticate users from that domain.
Is there any configuration documentation for Cisco ISE authentication for multiple Active Directories with a trust relationship between domains (not using LDAP, because when using LDAP, Cisco ISE doesn't support MS-CHAP and I am trying not to use Cisco AnyConnect)?