I'm deploying Microsoft NPS on Windows Server 2019 in multiple AD forests with two-way trust for secure wireless access using EAP-TLS. The design is as below:
I have created another policy and included the domain users and computers group of the xyz.com forest, but it still failed to authenticate. I have also added the NPS server computer object to the RAS and IAS group of each AD forest.
Do I need to deploy a RADIUS proxy? Or is there any other configuration that I need to do in order to make it work?