You could try using Active Directory to limit concurrent logons.
http://support.microsoft.com/kb/237282


_____________________________
Robert Biddle
Network Systems Engineer / Administrator 
College of Mount St. Joseph



-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Jeremy Wood
Sent: Monday, September 21, 2009 2:49 PM
To: [log in to unmask]
Subject: Re: Max User Sessions and AD SSO

Yup thats what I was testing with the problem is that it works for the
role when it is using LDAP but not when the login uses AD SSO and all
of our Fac/Staff (the ones we are trying to keep control over) use AD
SSO so the limit wouldn't effect them.

--Jeremy

On Mon, Sep 21, 2009 at 13:43, Herron, Chris <[log in to unmask]> wrote:
> Jeremy,
>
> Did you try configuring the respective role for the users you're trying to manage to only allow a Max Session = 1...???
>
> User Roles ==> Edit Role ==> Max Sessions per User Account
>
> Let us know if this works for you.
>
> CH
>
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Jeremy Wood
> Sent: Friday, September 18, 2009 08:57 AM
> To: [log in to unmask]
> Subject: Max User Sessions and AD SSO
>
> Hey Everyone.
>
> I have started looking into the CAM's ability to limit users sessions
> on the network as a way to solve a problem we are having with people
> sharing accounts with new employees and students working for them. In
> testing it works perfectly with our LDAP authentication (prompted the
> user to remove their oldest session and is CAS specific) but it didn't
> work at all with our AD SSO setup, which is a problem considering this
> is what all of our Fac/Staff use.
>
> So I'm wondering if anyone out there is using this function with AD
> SSO. We are running Real-IP Gateway and OOB Real-IP Gateways (Wireless
> and Wired respectively)
>
> Thanks!!
>
> --Jeremy
>