LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

April 2008

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS April 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Block user
From:	Nathaniel Austin <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Fri, 18 Apr 2008 11:50:56 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (91 lines)

Is it an AD-SSO, LDAP, or Kerberos Auth server?

If AD-SSO or LDAP you could create a mapping rule on his/her user name.

Nate

Miller, Paul wrote:
> This would be fine.  I'm not sure how to do this.  I have a "Problem
> Role" setup, but can't figure out how to put a single AD authenticated
> user in that role.
>
>
> Paul Miller
> Network Administrator
> Dominican University
> 708-524-6641
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Ben Fielden
> Sent: Friday, April 18, 2008 10:09 AM
> To: [log in to unmask]
> Subject: Re: Block user
>
> Yea, I'm with Greg on this. How would you know whose permissions to 
> apply if they have yet to log in?
>
> Here at GW we do two tiers of blocking. If we get a notification that 
> the user needs to be turned off (disciplinary action, legal action, etc)
>
> than their account gets the problem role and their only access is to an 
> "Access Denied - Call Student Technology Services" site. If the issue is
>
> the machine that they're on (bandwidth use, file sharing, security issue
>
> of some kind, etc) than the MAC gets filtered in the manager to use that
>
> same role and they only get access to that same site. Sometimes both of 
> these methods have to be applied together if a user gets his/her 
> roommate to login for them.
>
> Ben Fielden
> Student Technology Services
> The George Washington University
>
> Greg Schaffer wrote:
>   
>> I think by definition the user has to authenticate ("log in") so as to
>>     
>
>   
>> identify a restricted role the user can then be placed in. If the user
>>     
>
>   
>> doesn't log in, how would you know what user to apply policy to?
>>
>> Greg
>>
>> Greg Schaffer, CISSP
>>
>> Director of Network Services
>>
>> Middle Tennessee State University
>>
>>
>>     
> ------------------------------------------------------------------------
>   
>> *From:* Cisco Clean Access Users and Administrators 
>> [mailto:[log in to unmask]] *On Behalf Of *Miller, Paul
>> *Sent:* Friday, April 18, 2008 9:22 AM
>> *To:* [log in to unmask]
>> *Subject:* Block user
>>
>> Can anyone tell me if there is a way to restrict a user from logging 
>> in to Clean Access. I noticed that I can restrict a device, but no 
>> options for a user.
>>
>> Paul Miller
>>
>> Network Administrator
>>
>> Dominican University
>>
>> River Forest, IL
>>
>> 708-524-6641
>>
>>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU