It's setup as Windows NT authentication. When I try and add a mapping the only option I get is for Vlan ID. When we first setup Clean Access this was the only option that would work for us. Looks like I may have to change that.
Paul Miller Network Administrator Dominican University 708-524-6641 -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Nathaniel Austin Sent: Friday, April 18, 2008 10:51 AM To: [email protected] Subject: Re: Block user Is it an AD-SSO, LDAP, or Kerberos Auth server? If AD-SSO or LDAP you could create a mapping rule on his/her user name. Nate Miller, Paul wrote: > This would be fine. I'm not sure how to do this. I have a "Problem > Role" setup, but can't figure out how to put a single AD authenticated > user in that role. > > > Paul Miller > Network Administrator > Dominican University > 708-524-6641 > > -----Original Message----- > From: Cisco Clean Access Users and Administrators > [mailto:[EMAIL PROTECTED] On Behalf Of Ben Fielden > Sent: Friday, April 18, 2008 10:09 AM > To: [email protected] > Subject: Re: Block user > > Yea, I'm with Greg on this. How would you know whose permissions to > apply if they have yet to log in? > > Here at GW we do two tiers of blocking. If we get a notification that > the user needs to be turned off (disciplinary action, legal action, etc) > > than their account gets the problem role and their only access is to an > "Access Denied - Call Student Technology Services" site. If the issue is > > the machine that they're on (bandwidth use, file sharing, security issue > > of some kind, etc) than the MAC gets filtered in the manager to use that > > same role and they only get access to that same site. Sometimes both of > these methods have to be applied together if a user gets his/her > roommate to login for them. > > Ben Fielden > Student Technology Services > The George Washington University > > Greg Schaffer wrote: > >> I think by definition the user has to authenticate ("log in") so as to >> > > >> identify a restricted role the user can then be placed in. If the user >> > > >> doesn't log in, how would you know what user to apply policy to? >> >> Greg >> >> Greg Schaffer, CISSP >> >> Director of Network Services >> >> Middle Tennessee State University >> >> >> > ------------------------------------------------------------------------ > >> *From:* Cisco Clean Access Users and Administrators >> [mailto:[EMAIL PROTECTED] *On Behalf Of *Miller, Paul >> *Sent:* Friday, April 18, 2008 9:22 AM >> *To:* [email protected] >> *Subject:* Block user >> >> Can anyone tell me if there is a way to restrict a user from logging >> in to Clean Access. I noticed that I can restrict a device, but no >> options for a user. >> >> Paul Miller >> >> Network Administrator >> >> Dominican University >> >> River Forest, IL >> >> 708-524-6641 >> >>
