Cisco Secure ACS 3.2 - compatible with Win 2003 domains?

Hello,
I have a Win 2003 domain (A) and a trust established with another Win
2003 domain (B). Domain A is the one with the CiscoSecure software.
We have many trusts with other domains (mostly Win 2000) and have
configured the mappings by using CiscoSecure.

But when trying to "add mappings" for this new 2003 Domain (B), I
continually am getting "failed to enumerate Windows groups. If you are
using Active Directory consult the installation guide for information."

I am not able to see domain B's users and groups from within the Ciscoe
Secure software.

However, if I use Active Directory Users and Computers from Domain A,
and "connect to domain" and choose Domain B, I am able to view all
users and groups just fine.

Do you know if there is a problem with configuring two 2003 domains in
this software? Do you have any other areas that I should investigate?
Some local policy on Domain B?

I appreciate any thoughts that you might have.
thanks,
Don

 

Are the domains in the same tree or forest, and thereby having implicit
transitive trusts?

We use ACS 3.2 for accounts in two domains (domain and subdomain) and
don't see any problems in that.

Ole Thomsen

 

Ole, thanks for the response.
The domains are not in the same forest. Do you think that is a problem
in itself?
Now that you raise that issue, I am not sure if we have a configuration
set up between two domains that are in different forests.
thanks,
Don

 

If you are running Windows 2003 it is possible (but not necessarily
wise) to create a forest trust.

If you have a CCO account you could try asking in the Netpro AAA-forum.

Ole Thomsen