
I have a forest domain environment using 802.1X to authenticate client domains. I have a child domain that gets disconnected every now and then due to weather and various other issues. Because of this, I have a server joined to the top-level domain that handles CA and RADIUS connections. This means that when that domain gets disconnected, the clients on that domain should be authenticating against that RADIUS server using the Domain Controllers for that child domain. I have added that server to the RAS group on the child domain.

In the Cisco config for the switches, I have added the RADIUS server to the config of the switches on that domain. On the NPS of that RADIUS server, I have told it to check the Child Domain computers group to authenticate those machines.

When connected to the top-level network, the top-level RADIUS servers authenticate the child computers. When disconnected, the RADIUS server connected to the child gets the RADIUS request from the switch and gives the following errors:

NPS Event 6274 The Active Directory global catalog cannot be accessed

NPS Event 6273 Authentication failed due to a user credentials mismatch. Either the username provided does not map to an existing user account or the password was incorrect.

So how can I verify the RADIUS server is checking against the Child Domain controllers for when that domain is connected?

JukEboX

0 Answers