Single SSID authentication to Different Domains

License · ‎03-27-2019

Hi All,

I have a scenario where we have two different units of business working in the same building. We have single WLC and around 20 APs to serve both units. Now the management requires only one SSID and authenticate the users using the AD credentials.

The problem is that these two business units have their own AD Domain (Say domain1.com for the 1st Unit and domain2.com for the 2nd Unit). We have an NPS server which is a member of domain Domain1.com. How can I authenticate the users of the second unit using the same NPS? Or should I create another NPS for the second Unit?

Thank You All

Deepak Kumar · ‎03-27-2019

Hi,

Yes, it is possible, you have to establish Trust relationships between domains. After that, it will work with Single NPS server.

http://www.pearsonitcertification.com/articles/article.aspx?p=170286&seqNum=2

https://www.ibm.com/support/knowledgecenter/sv/SSEPGG_9.7.0/com.ibm.db2.luw.admin.sec.doc/doc/c0008874.html

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

AKS Cisco · ‎01-12-2023

Thank you for all your input and comments.

Further, wanted to check on below wireless auth use case and need your expert comments and advice.

So, for example, my company domain is company.com.my and laptops are build in this domain can connect to corp wireless network using 802.1x NPS server (cert based auth).
Now, we have contractor hired from different company for say company.com to work in different section of project in our company office but using contractor company given laptop build in their domain. Contractor will have their user IDs created in our domain with certain restrictions but, there is no domain level trust between our and contactor Company domain. We can build new wireless network separately for contactor but, the question is, can we use our certificate on contractor laptop to allow our wireless services & will that even work?