Old question, but it's the only topic I could find on the subject. We have ACS 5.2 for wireless access control; the AD identity store for a domain (DOMAIN1) also includes groups from a trusted domain (one-way trust, DOMAIN2). Users in DOMAIN1 can authenticate using username only; users in DOMAIN2 must log in using DOMAIN2\username or else we get: 22056 Subject not found in the applicable identity store(s). Users in DOMAIN2 are currently on their own ACS joined to DOMAIN2, but we'd like to move them to the new ACS and use the old as a backup running the same config. Clients are currently configured to log in using username only. Several thousand clients, mixed environment with Windows, Apple iOS, OS/X, Android, Linux, so a lot of work if we have to reconfigure all of them manually. Like wmblake's original question says, is there any way to make ACS search the DOMAIN2 groups if the search fails on DOMAIN1, even if the DOMAIN2 prefix is omitted?