Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Cross AD forest/domain Authentication for 80211x without using multiple Radius Server

This thread has been viewed 1 times

  • 1.  Cross AD forest/domain Authentication for 80211x without using multiple Radius Server

    Posted Feb 10, 2011 07:07 AM
    We currently use multiple Microsoft 2008R2 Servers NIPs Functionality (aka IAS/Radius) to authenticate our Machines and users against AD using 802.11x. We have 8 AD forests/domains and currently have multiple NIPs servers pairs in each forest/domain.

    We are looking to rationalize the number of NIPS servers down to basically 1 pair which can service all forests /domains, ie we want the NIPs servers to do AD/LDAP lookups across the various domains to validate the machine and user credentials without having to have NIPs/IAS/Radius server in each forest/domain..

    Has anyone done this ? Is it actually possible ?


  • 2.  RE: Cross AD forest/domain Authentication for 80211x without using multiple Radius Server

    EMPLOYEE
    Posted Feb 10, 2011 07:59 AM
    You need at least one server per forest:

    http://technet.microsoft.com/en-us/library/cc778436%28WS.10%29.aspx