Beginner

Cisco ACS 5.3 multiple AD domains

Hello everyone

I do have a quick question about Cisco ACS 5.3 and multi domain authentication. How is it exactly handled?

Can I join more than one domain with the ACS server? Or do I still need to configure that bidirectional trust relationship between those AD forests (even with the ACS 5.3)?

Thanks,

Markus

5 REPLIES
Advocate

Re: Cisco ACS 5.3 multiple AD domains

Hi,

You can only join ACS to a single domain. Here is a thread that will help you identify the trust you will need in order to get this working.

https://supportforums.cisco.com/thread/2162234

Thanks,

Tarik Admani

Please rate helpful posts


Beginner

Cisco ACS 5.3 multiple AD domains

Hello Tarik

Thank you for the quick response. The information in the link is very helpful and I have forwarded this to our Windows AD group.

Regards,

Markus

VIP Mentor

Cisco ACS 5.3 multiple AD domains

There could be another solution for the problem that the ACS5 can only join one domain: Query your different ADs through LDAP if possible.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Beginner

Cisco ACS 5.3 multiple AD domains

Hello Karsten

Thanks for the hint, but using LDAP to query the AD has some limitations that I cannot work around (if I remember correctly).

Regards,

Markus

Advocate

Cisco ACS 5.3 multiple AD domains

Markus,

If you are using PEAP-MSCHAPv2 then you cannot use LDAP.

Here is the link when it comes to authentication protocol and database support:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/eap_pap_phase.html#wp1014889

Thanks,

Tarik Admani
*Please rate helpful posts*
