How to limit one username so it can be used only one time for authentication?

May 23rd, 2008

Hi All,

I'm using ACSE 4.1+4402+Windows Database. We want to limit a username/password so that it can only be used for one authentication at a time. Right now, we have found that we can use the same username/password to log in to the WLAN from different laptops at the same time. I have tried setting "max sessions per user" to 1 in ACSE's group configuration (the user will use the group setting), but it didn't work: we can still use two laptops to log in to the WLAN with the same username/password at the same time, and in ACSE's passed authentication log we can see that different clients had used the same username to log in to the WLAN.

Any ideas? Thanks!

Scott Fella Sat, 05/24/2008 - 19:36

Try to set this in the WLC:


config netuser maxEapUserLogin 1

or

config netuser maxuserlogin 1


I know this works for local users, but might work in your case too.

bbxie Sun, 05/25/2008 - 16:43

Hi Scott,

Thanks for your advice. What version have you tested this command with? I use 4.2.112; it didn't work when I use ACSE to authenticate.

Scott Fella Sun, 05/25/2008 - 18:25

I have only tested with the 4.0 version. The only thing I can suggest is to open a TAC case with the security AAA group. I have never tried to only allow one user, but since that is a selection in ACS, opening a case with the wireless TAC will only lead you back to the AAA team.

Scott Fella Sun, 05/25/2008 - 19:30

I was just reading your post again and noticed you set the max user to 1 on the group and not on the user in that group. The weird thing is that the user profile overrides the group setting. Either set it per user or verify that it is set to use group settings. That should work; if not, I would open a TAC case.

bbxie Sun, 05/25/2008 - 20:02

I have configured the user to use the group setting. However, I have also tried to set it at user level, with the same result. I will open a TAC case. Thanks for your help!
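
The check described in the opening post, spotting one username used by different clients in the passed authentication log, can be automated over a CSV export. This is an added example, not code from the thread or from Cisco; the column names, the sample rows and the 30-minute window are assumptions. Because a passed-authentication record carries no logout time, it flags likely credential sharing rather than proven concurrent sessions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows; the column names are an assumed export layout,
# not copied from the poster's ACS server.
SAMPLE_LOG = """Date,Time,User-Name,Group-Name,Caller-ID,NAS-IP-Address
05/23/2008,09:00:05,alice,WLAN-Users,00-11-22-33-44-01,10.0.0.5
05/23/2008,09:02:40,bob,WLAN-Users,00-11-22-33-44-02,10.0.0.5
05/23/2008,09:04:10,alice,WLAN-Users,00-11-22-33-44-03,10.0.0.5
05/23/2008,09:30:00,bob,WLAN-Users,00-11-22-33-44-02,10.0.0.5
05/23/2008,13:15:00,carol,WLAN-Users,00-11-22-33-44-04,10.0.0.6
05/23/2008,17:45:00,carol,WLAN-Users,00-11-22-33-44-05,10.0.0.6
"""

def find_shared_logins(log_text, window=timedelta(minutes=30)):
    """Return {username: sorted client IDs} for accounts that passed
    authentication from more than one client within `window`."""
    rows = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.strptime(f"{row['Date']} {row['Time']}", "%m/%d/%Y %H:%M:%S")
        # Normalise case so "Alice" and "alice" count as the same account.
        rows.append((ts, row["User-Name"].strip().lower(),
                     row["Caller-ID"].strip().upper()))

    recent = {}   # username -> [(timestamp, caller_id)] still inside the window
    flagged = {}  # username -> set of caller IDs seen sharing the account
    for ts, user, caller in sorted(rows):
        # Drop this user's logins that are older than the window.
        history = [(t, c) for t, c in recent.get(user, []) if ts - t <= window]
        others = {c for _, c in history if c != caller}
        if others:
            flagged.setdefault(user, set()).update(others | {caller})
        history.append((ts, caller))
        recent[user] = history
    return {u: sorted(c) for u, c in flagged.items()}

if __name__ == "__main__":
    for user, clients in find_shared_logins(SAMPLE_LOG).items():
        print(f"{user}: {', '.join(clients)}")
```

A re-authentication from the same client (bob in the sample) is not flagged; widening the window trades fewer misses for more false positives from users who legitimately switch devices.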
