Beginner

ACS 5.5 joined to multiple AD domains

Hi All,

I am currently doing EAP-TLS for user and machine authentication for my wireless clients.

Due to changes, my users are now in one AD domain whilst machines are members of another AD domain.

Is it possible for ACS 5.5 to be a member of multiple domains so that EAP-TLS can still function?

Authenticate machines in AD-1 and users in AD-2.

TIA

3 Replies
Enthusiast

ACS 5.5 joined to multiple AD domains

Beginner

ACS 5.5 joined to multiple AD domains

Hi Kashif,

So with closer reading, LDAP integration is what should be used when the external identity stores are two different AD domains that don't trust each other, and if the domains do trust each other, ACS 5.5 now supports multiple AD domain integration?

Beginner

ACS 5.5 joined to multiple AD domains

In the end the outgoing and incoming trusts were set up on the two AD domains.

The ACS remained joined to a single domain, but I had to install the root certificate from the other domain as one of the known certificate authorities. After that, machine authentication via EAP-TLS on domain-A worked, and the user authentication on domain-B with "was machine authenticated = True" checked also worked.