Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
219
Views
0
Helpful
1
Replies

ISE_Mac base authetication for wireless and wired user.

shekhar.rawat
Level 1
Level 1

‎12-07-2016 10:29 AM - edited ‎03-11-2019 12:16 AM

I want to set MAC based binding for laptop users and only one login per user needs to allowed. (BOTH LAN AND WIFI USERS).

Labels:
0 Helpful
1 Reply 1

Gagandeep Singh
Cisco Employee
Cisco Employee

‎12-08-2016 02:11 AM

Hi,

In that case deploy NAM module over AC mobility client.

Single Sign On “Single User” Enforcement

Microsoft Windows allows multiple users to be logged on concurrently, but Cisco AnyConnect Network Access Manager restricts network authentication to a single user. AnyConnect Network Access Manager can be active for one user per desktop or server, regardless of how many users are logged on. Single user login enforcement implies that only one user can be logged in to the system at any one time and that administrators cannot force the currently logged-in user to log off.

When the Network Access Manager client module is installed on Windows desktops, the default behavior is to enforce single user logon. When installed on servers, the default behavior is to relax the single user login enforcement. In either case, you can modify or add a registry to change the default behavior.

Restrictions

 

  *

Windows administrators are restricted from forcing currently logged-on users to log off.

  *

RDP to a connected workstation is supported for the same user.

  *

To be considered the same user, credentials must be in the same format. For example, user/example is not the same as user@example.com<mailto:user@example.com>.

  *

Smart-card users must also have the same PIN to be considered the same user.

 

  *   Configure Single Sign-On Single User Enforcement< http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure_nam.html#ID-1424-00000051>;

 

Configure Single Sign-On Single User Enforcement

To change how a Windows workstation or server handles multiple users, change the value of EnforceSingleLogon in the registry.

On Windows, the registry key is EnforceSingleLogon and is in the same registry location as the OverlayIcon key:

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{B12744B8-5BB7-463a-B85E-BB7627E73002}

 

 

To configure single or multiple user logon, add a DWORD named EnforceSingleLogon, and give it a value of 1 or 0.

For Windows:

 

  *

1 restricts logon to a single user.

  *

0 allows multiple users to be logged on.

 

 

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure_nam.html

Regards

Gagan

rate as correct if it helps!!!!!

0 Helpful
Customers Also Viewed These Support Documents