CLEANACCESS Archives

April 2008

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Nathaniel Austin <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Fri, 18 Apr 2008 12:10:33 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (143 lines)

Yeah, you can't do any mappings using the old WinNT method of 
authentication. Best bet would probably be to try LDAP.

Nate

Miller, Paul wrote:
> It's set up as Windows NT authentication.  When I try and add a mapping
> the only option I get is for Vlan ID.  When we first set up Clean Access
> this was the only option that would work for us.  Looks like I may have
> to change that.
>
> Paul Miller
> Network Administrator
> Dominican University
> 708-524-6641
>
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Nathaniel Austin
> Sent: Friday, April 18, 2008 10:51 AM
> To: [log in to unmask]
> Subject: Re: Block user
>
> Is it an AD-SSO, LDAP, or Kerberos Auth server?
>
> If AD-SSO or LDAP you could create a mapping rule on his/her user name.
>
> Nate
>
> Miller, Paul wrote:
>
>> This would be fine.  I'm not sure how to do this.  I have a "Problem
>> Role" set up, but can't figure out how to put a single AD authenticated
>> user in that role.
>>
>>
>> Paul Miller
>> Network Administrator
>> Dominican University
>> 708-524-6641
>>
>> -----Original Message-----
>> From: Cisco Clean Access Users and Administrators
>> [mailto:[log in to unmask]] On Behalf Of Ben Fielden
>> Sent: Friday, April 18, 2008 10:09 AM
>> To: [log in to unmask]
>> Subject: Re: Block user
>>
>> Yea, I'm with Greg on this. How would you know whose permissions to
>> apply if they have yet to log in?
>>
>> Here at GW we do two tiers of blocking. If we get a notification that
>> the user needs to be turned off (disciplinary action, legal action,
>> etc) then their account gets the problem role and their only access is
>> to an "Access Denied - Call Student Technology Services" site. If the
>> issue is the machine that they're on (bandwidth use, file sharing,
>> security issue of some kind, etc) then the MAC gets filtered in the
>> manager to use that same role and they only get access to that same
>> site. Sometimes both of these methods have to be applied together if a
>> user gets his/her roommate to log in for them.
>>
>> Ben Fielden
>> Student Technology Services
>> The George Washington University
>>
>> Greg Schaffer wrote:
>>
>>> I think by definition the user has to authenticate ("log in") so as to
>>> identify a restricted role the user can then be placed in. If the user
>>> doesn't log in, how would you know what user to apply policy to?
>>>
>>> Greg
>>>
>>> Greg Schaffer, CISSP
>>>
>>> Director of Network Services
>>>
>>> Middle Tennessee State University
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> *From:* Cisco Clean Access Users and Administrators 
>>> [mailto:[log in to unmask]] *On Behalf Of *Miller, Paul
>>> *Sent:* Friday, April 18, 2008 9:22 AM
>>> *To:* [log in to unmask]
>>> *Subject:* Block user
>>>
>>> Can anyone tell me if there is a way to restrict a user from logging 
>>> in to Clean Access. I noticed that I can restrict a device, but no 
>>> options for a user.
>>>
>>> Paul Miller
>>>
>>> Network Administrator
>>>
>>> Dominican University
>>>
>>> River Forest, IL
>>>
>>> 708-524-6641
>>>