We've two ADs (abc.com and xyz.in )in Deployment, Entirely separate and no trust in between. We've integrated these two ADs in our Radius Server as an External Identity Source.
We are using dot1x (PEAP-MSCHAPv2) as an Authentication method to get the endpoints authenticated against the AD.
Now the Problem is Our Radius Server is presenting an EAP Auth certificate which is signed by "abc.com" root CA, so the Endpoints/Users which are part of abc.com AD are authenticating successfully without an issue, but the Users who are part of "xyz.in" are not.

They are getting the Error while machine authentication, Refer to the Attached screenshot.

Note:

Radius Server Can use only one EAP auth Certificate, signed by any one of the CA (either abc.com or xyz.in)

Tried importing abc.com root CA to the XYZ.in domain joined machines, didn't work.