Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
327
Views
5
Helpful
3
Replies

cncurrent authentication login

hclisschennai
Level 1
Level 1

‎04-10-2009 02:09 AM - edited ‎03-10-2019 04:26 PM

Hi

I have wireless LAN Controller. I have enabled WPA. I have AAA (CISCO ACS) Server for authentication.

I have configured individual username passwords for wireless clients in ACS. But the same username password is been used simultaneously by two different users.

I want to restrict such a way that the username password is access by one person at a time.

Can you please guide me how to achieve this

R.B.Kumar

Labels:
0 Helpful
3 Replies 3

Jagdeep Gambhir
Level 10
Level 10

‎04-10-2009 07:09 AM

You need to use option Max Sessions in acs -->group setup

Sessions available to group

Or

Sessions available to users of this group

Regards,

~JG

Do rate helpful posts

hclisschennai
Level 1
Level 1
In response to Jagdeep Gambhir

‎04-10-2009 10:25 AM

Hi JG,

Thanks for your input. I hope i communicated to you correctly. The prime requirement is, at a time two users should not login to the network using the same username and password.

Whether "Sessions available to users of this group" is the solution. If i am deviating please correct me.

Also can you suggest me once I create username and password for a users who is going to be authenticated using EAP, what is the provision available to enable the user to change his password on his own.

Thanks in advance

RBK

0 Helpful

Jagdeep Gambhir
Level 10
Level 10
In response to hclisschennai

‎04-10-2009 12:24 PM

RBK,

For your first question "Sessions available to users of this group" is the correct option to use. Remember to use radius accounting to make that feature work.

PEAP and EAP-FAST Windows Password Aging-Users must be in the Windows user database and be using a Microsoft client that supports EAP, such as Windows XP. For information on the requirements and configuration of this password aging mechanism, see Enabling Password

Aging for Users in Windows Databases.

.RADIUS-based Windows Password Aging-Users must be in the Windows user database and be

using the Windows Dial-up Networking (DUN) client. For information on the requirements and configuration of this password aging mechanism, see Enabling Password Aging for Users in Windows Databases.

.Password Aging for Device-hosted Sessions-Users must be in the CiscoSecure user database, the AAA client must be running TACACS+, and the connection must use Telnet. You can control the ability of users to change passwords during a device-hosted Telnet session. You can also control whether Cisco Secure ACS propagates passwords changed by this feature. For more information, see Local Password Management.

.Password Aging for Transit Sessions-Users must be in the CiscoSecure user database. Users must use a PPP dialup client. Further, the end-user client must have CiscoSecure

Authentication Agent (CAA) installed.

Regards,

~JG

Do rate helpful posts

0 Helpful
Customers Also Viewed These Support Documents