I am currently doing EAP-TLS for user and machine authentication for my wireless clients.
Due to changes, my users are now in one AD domain whilst machines are members of another AD domain.
Is it possible for ACS 5.5 to be a member of multiple domains so that EAP-TLS can still function?
Authenticate machines in AD-1 and users in AD-2.
Kindly check the below guide for reference.
So, with closer reading, LDAP integration is what should be used when the external identity stores are two different AD domains that don't trust each other, and if the domains do trust each other, ACS 5.5 now supports multiple AD domain integration?
In the end, the outgoing and incoming trusts were set up on the two AD domains.
The ACS remained joined to a single domain, but I had to install the root certificate from the other domain
as one of the known certificate authorities. After that, machine authentication via EAP-TLS on domain-A worked,
and user authentication on domain-B with "was machine authenticated = True" checked also worked.