09-04-2014 01:43 AM - edited 03-10-2019 09:59 PM
I am currently having a problem configuring AAA for management access to our wireless controllers.
Our Active Directory structure is as below (note: all domains are part of the same forest, with full trusts between the domains):
Root Domain
Americas Domain | UK Domain | EU Domain | APAC Domain
Because of the multiple domains that exist, when admins log in they need to use their full UPN (username@ukdomain.com), since just using username will only authenticate against the Root Domain and there may be duplicate usernames between the domains.
I can't even see the RADIUS request hitting ISE, and I found out that this is due to a 24-character limit on the username field on the WLCs.
I don't have this issue with other IOS-based devices.
I could just create some admin accounts in the root domain, but the problem is that lobbyadmin staff also need to authenticate and they will run into the same issue.
Don't know if someone has any suggestions for a possible workaround?
09-17-2014 06:49 AM
https://supportforums.cisco.com/discussion/11598776/multiple-domains-authentication-cisco-ise
09-18-2014 05:24 PM
http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_45_multiple_active_directories.pdf