Is it an AD-SSO, LDAP, or Kerberos Auth server?
If AD-SSO or LDAP you could create a mapping rule on his/her user name.
Nate
Miller, Paul wrote:
> This would be fine. I'm not sure how to do this. I have a "Problem
> Role" setup, but can't figure out how to put a single AD authenticated
> user in that role.
>
>
> Paul Miller
> Network Administrator
> Dominican University
> 708-524-6641
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Ben Fielden
> Sent: Friday, April 18, 2008 10:09 AM
> To: [log in to unmask]
> Subject: Re: Block user
>
> Yea, I'm with Greg on this. How would you know whose permissions to
> apply if they have yet to log in?
>
> Here at GW we do two tiers of blocking. If we get a notification that
> the user needs to be turned off (disciplinary action, legal action, etc)
>
> than their account gets the problem role and their only access is to an
> "Access Denied - Call Student Technology Services" site. If the issue is
>
> the machine that they're on (bandwidth use, file sharing, security issue
>
> of some kind, etc) than the MAC gets filtered in the manager to use that
>
> same role and they only get access to that same site. Sometimes both of
> these methods have to be applied together if a user gets his/her
> roommate to login for them.
>
> Ben Fielden
> Student Technology Services
> The George Washington University
>
> Greg Schaffer wrote:
>
>> I think by definition the user has to authenticate ("log in") so as to
>>
>
>
>> identify a restricted role the user can then be placed in. If the user
>>
>
>
>> doesn't log in, how would you know what user to apply policy to?
>>
>> Greg
>>
>> Greg Schaffer, CISSP
>>
>> Director of Network Services
>>
>> Middle Tennessee State University
>>
>>
>>
> ------------------------------------------------------------------------
>
>> *From:* Cisco Clean Access Users and Administrators
>> [mailto:[log in to unmask]] *On Behalf Of *Miller, Paul
>> *Sent:* Friday, April 18, 2008 9:22 AM
>> *To:* [log in to unmask]
>> *Subject:* Block user
>>
>> Can anyone tell me if there is a way to restrict a user from logging
>> in to Clean Access. I noticed that I can restrict a device, but no
>> options for a user.
>>
>> Paul Miller
>>
>> Network Administrator
>>
>> Dominican University
>>
>> River Forest, IL
>>
>> 708-524-6641
>>
>>
|