ACS 4.2 - AD Cross Forest Authentication

nrmdcs
Level 1

I have a requirement to authenticate wireless users who are members of a separate AD forest. The domain administrators have assured me that a two-way transitive trust is in place between the forests. I am having problems mapping groups from the new domain to ACS groups; it "Fails to enumerate the windows groups, please check installation documentation". I have checked and double-checked our installation against the instructions and I don't think I have missed anything on that count.

I have run some packet captures of network traffic during ACS services startup, as well as when attempting to map groups, and there is no traffic to domain controllers in the other domain / forest. Is this expected? Is this supposed to be handled by the local domain?

Any further diagnosis tips, or things to try to pinpoint where I have gone wrong?

Thanks,
Michael

1 Reply

tech-intercom
Level 1

Maybe I have the same problem.

My question is: must the relationship between domain controllers be two-way transitive, or can it be configured in another way?

In other words, does ACS require a two-way transitive trust relationship?

Bye,

Luca