
Single ACS server - Multiple Domain checking

bberry
Level 1

Ok here is my crazy question for the day but I am not sure the best way to ask it. I am a complete newbie on the ACS but have gotten AAA working on my test switch. Woo Hoo ..

I have two different domains in my AD forest. Let's say 123.mycompany.com and abc.mycompany.com.

I have ACS working with 123.mycompany.com but need to check users in abc.mycompany.com. Should that be possible? I did not know if instead of using 123.mycompany.com for the active directory name that things would work if I used mycompany.com instead. So far I have not seen a way to specify more than one AD External Identity Store, at least through the GUI. I also did not know if I could use boolean type expressions when I develop the policies.

Am I asking too much? Will I need two ACS servers instead of one? Should I scrap ACS and go a different route? I was figuring to start with TACACS+ and dot1-x authentication for a start then use the RADIUS function for other items (maybe VPN) after that.

Brent

2 Replies

Erick Delgado
Level 1

Hello,

You have to have a bidirectional trust relationship between both domains; that is the only way around.

If you are unable to do that, I suggest using LDAP for one domain and AD for the other one.

If you have any questions, feel free to contact me.

Regards

Erick Delgado

Cisco CSE

Sent from Cisco Technical Support iPhone App

Hi Erick,

Even I have a similar problem at one of our customers. Is there any document available detailing how this can be achieved?

Any help is much appreciated.

Many Thanks.

Girish
