It's setup as Windows NT authentication. When I try and add a mapping
the only option I get is for Vlan ID. When we first setup Clean Access
this was the only option that would work for us. Looks like I may have
to change that.
Paul Miller
Network Administrator
Dominican University
708-524-6641
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Nathaniel Austin
Sent: Friday, April 18, 2008 10:51 AM
To: [log in to unmask]
Subject: Re: Block user
Is it an AD-SSO, LDAP, or Kerberos Auth server?
If AD-SSO or LDAP you could create a mapping rule on his/her user name.
Nate
Miller, Paul wrote:
> This would be fine. I'm not sure how to do this. I have a "Problem
> Role" setup, but can't figure out how to put a single AD authenticated
> user in that role.
>
>
> Paul Miller
> Network Administrator
> Dominican University
> 708-524-6641
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Ben Fielden
> Sent: Friday, April 18, 2008 10:09 AM
> To: [log in to unmask]
> Subject: Re: Block user
>
> Yea, I'm with Greg on this. How would you know whose permissions to
> apply if they have yet to log in?
>
> Here at GW we do two tiers of blocking. If we get a notification that
> the user needs to be turned off (disciplinary action, legal action,
etc)
>
> than their account gets the problem role and their only access is to
an
> "Access Denied - Call Student Technology Services" site. If the issue
is
>
> the machine that they're on (bandwidth use, file sharing, security
issue
>
> of some kind, etc) than the MAC gets filtered in the manager to use
that
>
> same role and they only get access to that same site. Sometimes both
of
> these methods have to be applied together if a user gets his/her
> roommate to login for them.
>
> Ben Fielden
> Student Technology Services
> The George Washington University
>
> Greg Schaffer wrote:
>
>> I think by definition the user has to authenticate ("log in") so as
to
>>
>
>
>> identify a restricted role the user can then be placed in. If the
user
>>
>
>
>> doesn't log in, how would you know what user to apply policy to?
>>
>> Greg
>>
>> Greg Schaffer, CISSP
>>
>> Director of Network Services
>>
>> Middle Tennessee State University
>>
>>
>>
>
------------------------------------------------------------------------
>
>> *From:* Cisco Clean Access Users and Administrators
>> [mailto:[log in to unmask]] *On Behalf Of *Miller, Paul
>> *Sent:* Friday, April 18, 2008 9:22 AM
>> *To:* [log in to unmask]
>> *Subject:* Block user
>>
>> Can anyone tell me if there is a way to restrict a user from logging
>> in to Clean Access. I noticed that I can restrict a device, but no
>> options for a user.
>>
>> Paul Miller
>>
>> Network Administrator
>>
>> Dominican University
>>
>> River Forest, IL
>>
>> 708-524-6641
>>
>>
|