10-01-2015 10:23 AM - edited 03-10-2019 11:06 PM
We use ACS to authenticate users connecting to our wireless network.
Up until yesterday, we had Active Directory added with two groups selected: All Domain Users and All Domain Computers.
Yesterday, we changed All Domain Users to All Staff Wireless and All Students Wireless. This should have removed service accounts and will allow us to prevent certain staff and/or students from connecting when we choose.
Doing testing today, I'm able to connect to wireless with both a service account and my account, which has been removed from All Staff Wireless. I'm able to connect on both an iPhone and a MacBook.
Anybody know why this is? See below for a rundown of our setup:
So unless we missed something, this should be blocking our service accounts and users not in 1 of 2 wireless groups from connecting to our wireless network.
Anybody see anything wrong with our configuration? None of us are gurus in this as it has been set up and running for a long time.
10-01-2015 11:51 AM
Hi Logan,
When you see the successful log for authentication and authorization, do you see the rule that you have configured is getting hit and not any other rule which matches the conditions the user is presenting? I would start looking from there and if needed, move or modify the rules.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
10-01-2015 12:32 PM
It's showing that I was authenticated by the Controller Access rule (our named rule from step 4 above) and my user came from AD1.
Currently the only place we have user groups specified is under Users and Identity Stores > External Identity Stores > Active Directory > Directory Groups. Is there anywhere else I need to select groups in order to restrict access to people outside of these groups?