Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

906
Views
0
Helpful
3
Replies
g.peart
g.peart Beginner
Beginner
‎02-10-2014 05:30 PM
‎02-10-2014 05:30 PM

ACS 5.5 joined to multiple AD domains

Hi All,

I am currently doing EAP-TLS for user and machine authentication for my wireless clients

due to changes my users are now in one AD domain whilst machines are members of another AD domain,

is it possible for ACS 5.5 to be a member of multiple domains so that EAP-TLS can still function.

Authenticate machines in AD-1 and users in AD-2

TIA

Labels:
0 Helpful
Reply
3 REPLIES 3
kaaftab
kaaftab Enthusiast
Enthusiast
‎02-11-2014 01:30 AM
‎02-11-2014 01:30 AM

ACS 5.5 joined to multiple AD domains

kindly check the below guide for reference

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.5/user/guide/users_id_stores.html#wp1053126

0 Helpful
Reply
Highlighted
g.peart
g.peart Beginner
Beginner
‎02-11-2014 02:56 PM
‎02-11-2014 02:56 PM

ACS 5.5 joined to multiple AD domains

Hi Kashif,

so with closer reading, LDAP integration is what should be used when external identity stores are two different AD domains that don't trust each other and  if the domains do trust each other ACS 5.5 now  support multiple AD domain integration. ?

0 Helpful
Reply
g.peart
g.peart Beginner
Beginner
‎02-13-2014 03:40 PM
‎02-13-2014 03:40 PM

ACS 5.5 joined to multiple AD domains

In the end the outgoing and incoming trusts were setup on the two AD domains

the ACS remained joined to a single domain, but I had to install the root certificate from the other domain

has one of the known certificate authorities. After that machine authentication via EAP-TLS on domain-A worked

and the user authentication on domain-B with "was machine authenticated = True" checked also worked.

0 Helpful
Reply
Latest Contents
The year in cyber threats: A look back at the tools and tact...
Created by Kelli Glass on 12-13-2019 03:37 PM
0
0
0
0
How would your organization perform against the cyberattacks of 2019? Protect your organization in 2020 by learning about the biggest cyberthreats of the year. Read the latest Cisco Cybersecurity Report 
#CiscoChat Live: 2019 Cyber Threats of the Year
Created by Kelli Glass on 12-13-2019 03:19 PM
0
0
0
0
Join us live on Tuesday, December 17 at 9 am PT (and on demand after) to learn about the cyber threats of 2019 and how to defend your organization in the future.   Some cybercriminals have specific organizations in mind when they’re planning an attac... view more
#CiscoChat Live: 2019 Cyber Threats of the Year
Created by Kelli Glass on 12-13-2019 03:17 PM
0
0
0
0
Join us live on Tuesday, December 17 at 9 am PT (and on demand after) to learn about the cyber threats of 2019 and how to defend your organization in the future. Some cybercriminals have specific organizations in mind when they’re planning an attack. We l... view more
Stealthwatch Enterprise - what capabilities does it provide ...
Created by ben.greenbaum on 12-12-2019 11:27 AM
0
0
0
0
Threat Response integrates with Cisco Stealthwatch Enterprise (SWE) to provide Visibility into network threats. By adding an SWE module to Threat Response, investigators will be able to search for network flows to or from IP addresses that have been reco... view more
Monitoring Failover status (ASA Cluster, Active/Standby) by ...
Created by Oleg Volkov on 12-12-2019 02:26 AM
0
0
0
0
Hi.Want to know Failover cluster status? If You have PRTG do it in 5 min.Download my sensor.Deploy REST API to Your ASA,sAdd my sensor to PRTG and set parameters:In PRTG device settings add linux user and password (ASA user, which have read permissions)-u... view more
CreatePlease to create content
Discussion
Blog
Document
Video