Re: Block user

Fri, 18 Apr 2008 08:57:09 -0700 

Is it an AD-SSO, LDAP, or Kerberos Auth server?

If AD-SSO or LDAP you could create a mapping rule on his/her user name.

Nate

Miller, Paul wrote:

This would be fine.  I'm not sure how to do this.  I have a "Problem
Role" setup, but can't figure out how to put a single AD authenticated
user in that role.


Paul Miller
Network Administrator
Dominican University
708-524-6641

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Fielden
Sent: Friday, April 18, 2008 10:09 AM
To: [email protected]
Subject: Re: Block user
Yea, I'm with Greg on this. How would you know whose permissions to apply if they have yet to log in?
Here at GW we do two tiers of blocking. If we get a notification that the user needs to be turned off (disciplinary action, legal action, etc)
than their account gets the problem role and their only access is to an "Access Denied - Call Student Technology Services" site. If the issue is 

the machine that they're on (bandwidth use, file sharing, security issue

of some kind, etc) than the MAC gets filtered in the manager to use that
same role and they only get access to that same site. Sometimes both of these methods have to be applied together if a user gets his/her roommate to login for them. 

Ben Fielden
Student Technology Services
The George Washington University

Greg Schaffer wrote:

I think by definition the user has to authenticate ("log in") so as to



identify a restricted role the user can then be placed in. If the user



doesn't log in, how would you know what user to apply policy to?

Greg

Greg Schaffer, CISSP

Director of Network Services

Middle Tennessee State University



------------------------------------------------------------------------
*From:* Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] *On Behalf Of *Miller, Paul 
*Sent:* Friday, April 18, 2008 9:22 AM
*To:* [email protected]
*Subject:* Block user
Can anyone tell me if there is a way to restrict a user from logging in to Clean Access. I noticed that I can restrict a device, but no options for a user. 

Paul Miller

Network Administrator

Dominican University

River Forest, IL

708-524-6641

Reply via email to