Concurrent authentication login

Unanswered Question
Apr 10th, 2009

Hi

I have a wireless LAN controller. I have enabled WPA. I have an AAA (Cisco ACS) server for authentication.

I have configured individual usernames and passwords for wireless clients in ACS. But the same username and password is being used simultaneously by two different users.

I want to restrict it in such a way that the username and password is accessed by one person at a time.

Can you please guide me on how to achieve this?

R.B.Kumar

Jagdeep Gambhir Fri, 04/10/2009 - 07:09

You need to use the Max Sessions option in ACS --> Group Setup

Sessions available to group

Or

Sessions available to users of this group

Regards,

~JG

Do rate helpful posts

hclisschennai Fri, 04/10/2009 - 10:25

Hi JG,

Thanks for your input. I hope I communicated to you correctly. The prime requirement is that, at a time, two users should not log in to the network using the same username and password.

Is "Sessions available to users of this group" the solution? If I am deviating, please correct me.

Also, can you suggest, once I create a username and password for a user who is going to be authenticated using EAP, what provision is available to enable the user to change his password on his own?

Thanks in advance

RBK

Jagdeep Gambhir Fri, 04/10/2009 - 12:24

RBK,

For your first question, "Sessions available to users of this group" is the correct option to use. Remember to use RADIUS accounting to make that feature work.

• PEAP and EAP-FAST Windows Password Aging - Users must be in the Windows user database and be using a Microsoft client that supports EAP, such as Windows XP. For information on the requirements and configuration of this password aging mechanism, see Enabling Password Aging for Users in Windows Databases.

• RADIUS-based Windows Password Aging - Users must be in the Windows user database and be using the Windows Dial-up Networking (DUN) client. For information on the requirements and configuration of this password aging mechanism, see Enabling Password Aging for Users in Windows Databases.

• Password Aging for Device-hosted Sessions - Users must be in the CiscoSecure user database, the AAA client must be running TACACS+, and the connection must use Telnet. You can control the ability of users to change passwords during a device-hosted Telnet session. You can also control whether Cisco Secure ACS propagates passwords changed by this feature. For more information, see Local Password Management.

• Password Aging for Transit Sessions - Users must be in the CiscoSecure user database. Users must use a PPP dialup client. Further, the end-user client must have CiscoSecure Authentication Agent (CAA) installed.

Regards,

~JG

Do rate helpful posts
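
An added illustration, not part of the original posts and not Cisco ACS code: a per-user session limit depends on RADIUS accounting Start/Stop records to know how many sessions are open, which this example models. `SessionTracker`, `find_shared_logins` and the sample records are hypothetical and constructed; only the attribute names (RFC 2866) are real.

```python
from collections import defaultdict


def rec(user, status, sid, mac):
    """Build one constructed accounting record using RFC 2866 attribute names."""
    return {"User-Name": user, "Acct-Status-Type": status,
            "Acct-Session-Id": sid, "Calling-Station-Id": mac}


# Constructed sample data (not from the thread): alice's login is used from
# two client MACs at once, then both sessions end and she logs in again.
SAMPLE_RECORDS = [
    rec("alice", "Start", "s1", "00-11-22-33-44-01"),
    rec("bob",   "Start", "s2", "00-11-22-33-44-02"),
    rec("alice", "Start", "s3", "00-11-22-33-44-03"),
    rec("alice", "Stop",  "s1", "00-11-22-33-44-01"),
    rec("alice", "Stop",  "s3", "00-11-22-33-44-03"),
    rec("alice", "Start", "s4", "00-11-22-33-44-01"),
]


class SessionTracker:
    """Per-user open-session table driven only by accounting Start/Stop."""

    def __init__(self, max_sessions=1):
        self.max_sessions = max_sessions
        self.open = defaultdict(dict)  # user -> {session id: client MAC}

    def authorize(self, user):
        """Would a new login for this user stay within the limit?"""
        return len(self.open[user]) < self.max_sessions

    def account(self, r):
        """Apply one record; return True if a Start exceeds the limit."""
        user, sid = r["User-Name"], r["Acct-Session-Id"]
        if r["Acct-Status-Type"] == "Start":
            over = not self.authorize(user)
            self.open[user][sid] = r["Calling-Station-Id"]
            return over
        if r["Acct-Status-Type"] == "Stop":
            self.open[user].pop(sid, None)  # tolerate a Stop with no Start
        return False


def find_shared_logins(records, max_sessions=1):
    """Return (user, sorted client MACs) for every Start over the limit."""
    tracker, hits = SessionTracker(max_sessions), []
    for r in records:
        if tracker.account(r):
            user = r["User-Name"]
            hits.append((user, sorted(tracker.open[user].values())))
    return hits
```

If Stop records never arrive, the open-session count never drops and the user stays locked out after a normal disconnect, so accounting must be reliable in both directions.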
