cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11318
Views
14
Helpful
10
Replies

Multiple domains authentication on Cisco ISE

Hi,

Does the current Cisco ISE supports for authenticating on multiple Active Directories ?

I can only set Cisco ISE to join on single active directory and LDAP

Does anyone have set Cisco ISE to support EAP-FAST with WPAD or PAC provisioning ?

Thanks

Pongsatorn

10 Replies 10

Tarik Admani
VIP Alumni
VIP Alumni

Currently the ise doesn't support multiple domain membership but hat is coming soon.

Sent from Cisco Technical Support iPad App

Hi,

We are into a situation where we need to authenticate users of two domains and these two domains are completely independent (no common DNS server). ISE is not able to resolve one of the domain using the DNS server settings and Adding a host entry for the domain name is not sufficient since Kerberos, GC and LDAP SRVs need to be resolvable as well.

From what I know ISE 1.3 should supports disjointed domains and there is no requirement for ISE to have 2 way trust relationship with domains.

Please share your experience if someone has faced similar situation before.

 

Regards,

Akhtar

Ahktar> You will need to have a forwarder set for the second domain on your own DNS server, so ISE knows what DNS server to ask about that domain. ISE 1.3 supports multiple seperate domains, but not DNS servers set per domain.

Venkatesh Attuluri
Cisco Employee
Cisco Employee

Cisco ISE supports multidomain forests. Cisco ISE  connects to a single domain, but can access resources from the other  domains in the Active Directory forest if trust relationships are  established between the domain to which Cisco ISE is connected and the  other domains.

Hi all,

 

It's now 2 years later, is there any change on this or is it still 1 AD?

This functionality is expected in cisco ISE 1.3 which is exptected to be released later this summer

Currently, ISE 1.2 supports authentications across multiple AD Domains through Domain Trust Relationships.

ISE 1.3, which is tentatively scheduled for release around the end of July, will incorporate Multiple AD Forest support.

 

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

Ok, so if I read this correctly, I can still add only 1 Domain/Forrest but if that domain has a trust towards another domain, I can authenticate users from that domain.

Rizal Ferdiyan
Level 1
Level 1

Guys,

Is there any configuration documentation for Cisco ISE Authentication for Multiple Active Directoris with trush relationship between domain (not use LDAP because when use LDAP, Cisco ISE don't support MS-Chap & i try not to use Cisco Anyconnect)

 

BR

 

manjeets
Level 3
Level 3

Attached is the step by step configuration of multiple AD integration wit the ISE.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: