
WLC AAA RADIUS to ISE - Multiple Domains in Single Forest

I am currently having a problem configuring AAA for management access to our wireless controllers.

Our Active Directory structure is as below (note that all domains are part of the same forest and there are full trusts between the domains):

Root Domain

Americas domain                UK Domain              EU Domain            APAC Domain

Because of the multiple domains that exist, when admins log in they need to use their full UPN (username@ukdomain.com), since just using the username will only authenticate against the Root Domain and there may be duplicate usernames between the domains.

I can't even see the RADIUS request hitting ISE, and I found out that this is due to a 24 character limit on the username field on the WLCs.

I don't have this issue with other IOS-based devices.

I could just create some admin accounts in the root domain, but the problem is that lobbyadmin staff also need to authenticate and they will run into the same issue.

Does anyone have any suggestions for a possible workaround?

 

2 Replies

Venkatesh Attuluri
Cisco Employee

https://supportforums.cisco.com/discussion/11598776/multiple-domains-authentication-cisco-ise

Saurav Lodh
Level 7

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_45_multiple_active_directories.pdf