Cisco Support Community
New Member

VPN 3000 / Client 4.x - SecureACS RADIUS - Active Directory

Can someone clear something up for me? Recently some of my colleagues indicated that when using a VPN concentrator 3030 and RADIUS authentication through a SecureACS database against an Active Directory, you can delete the account out of AD and the user is still allowed to VPN in to the network because their account name and password are “cached” on the SecureACS server. Therefore you have to remove the account out of both databases.

This seems absurd. Can anyone clear this up? Why is there a duplication of user accounts in the SecureACS server?

2 REPLIES
New Member

Re: VPN 3000 / Client 4.x - SecureACS RADIUS - Active Directory

Check the default group in ACS. This group is auto-populated after the user initially connects to your VPN. Delete the user from the group and you will deny access.

New Member

Re: VPN 3000 / Client 4.x - SecureACS RADIUS - Active Directory

Yes, but why should I have to delete them in both places? The idea of using AD as our primary authentication is to benefit from single sign-on features. That includes a single management point for account additions and removals.
