08-03-2010 07:48 AM
We currently use Active Directory to authenticate through IPsec VPN.
An employee was let go, so his AD account was disabled.
However, he has another AD username and password that cannot be disabled since it is being used under other services.
Our entire company is under one Group Policy.
My question is: how would I block him from accessing the network?
08-03-2010 07:56 AM
You could use DAP to block that user from authenticating successfully. Create a policy to match the user attribute (say sAMAccountName for LDAP) and terminate as policy action. For the rest of the users, you could use a continue action in the default policy, which should allow normal authentication and authorization.
For details on DAP:
http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml
08-03-2010 08:25 AM
From the looks of it, I may have to configure an entire new group policy?
However, this could impact current users.
08-03-2010 08:41 AM
No, you won't have to configure any new group-policy. All you have to do is create a DAP policy saying that if a user comes with this attribute from RADIUS or LDAP (username in your case), apply a certain policy (terminate) to it. For all the rest of the users, since they don't match that criterion, they will hit the default DAP policy, which will allow them normally without applying any policy for them.
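The selection behaviour described in this answer, as an added example that is not part of the original post and is not Cisco code: a simplified Python model of DAP record matching, used to check that a single terminate record affects only the targeted account. The record name, the account names and the `aaa.ldap.sAMAccountName` criterion key are assumptions made for the illustration.

```python
"""Simplified model of DAP record selection (illustrative, not ASA code)."""
from dataclasses import dataclass, field


@dataclass
class DapRecord:
    name: str
    action: str                                    # "continue" or "terminate"
    criteria: dict = field(default_factory=dict)   # AAA attribute -> required value

    def matches(self, attrs: dict) -> bool:
        # A record is selected only if every criterion is present and equal.
        return all(attrs.get(k) == v for k, v in self.criteria.items())


# Default policy from the thread: no criteria, action "continue".
DEFAULT = DapRecord("DfltAccessPolicy", "continue")


def evaluate(records, attrs):
    """Return (action, applied record names) for one session's AAA attributes."""
    selected = [r for r in records if r.criteria and r.matches(attrs)]
    if not selected:
        # Nobody matched: the session falls through to the default policy.
        return DEFAULT.action, [DEFAULT.name]
    # Any selected terminate record ends the session.
    action = "terminate" if any(r.action == "terminate" for r in selected) else "continue"
    return action, [r.name for r in selected]


# Constructed sample data: one blocking record and three VPN logins.
RECORDS = [
    DapRecord("Block-Shared-Account", "terminate",
              {"aaa.ldap.sAMAccountName": "svc-shared"}),
]
SESSIONS = [
    {"aaa.ldap.sAMAccountName": "svc-shared"},   # the account to keep off the VPN
    {"aaa.ldap.sAMAccountName": "jsmith"},       # ordinary employee
    {"aaa.radius.username": "contractor1"},      # no LDAP attribute returned
]


def audit(records, sessions):
    """Map each session's account name to the action the policy set yields."""
    result = {}
    for attrs in sessions:
        user = next(iter(attrs.values()))
        result[user] = evaluate(records, attrs)[0]
    return result


if __name__ == "__main__":
    for user, action in audit(RECORDS, SESSIONS).items():
        print(f"{user:12s} -> {action}")
```

The account stays enabled in AD for the services that depend on it; only its VPN sessions end at the terminate action.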
08-03-2010 08:45 AM
great!...thx!