Yes, in theory, your thoughts are right.
Based on my discussion with my colleagues, you need one NPS server in a multi-forest (two-way trust) environment. If you set up PEAP-MSCHAP-V2, the NPS server should have CA certs from each of the forests. That is to say, you need multiple network policies that contain a different CA cert from each of the forests.
Best Regards,
Candy