maybe OT: RSA ACE/Server - SecurID login from NAS
Posted by Martin Bilgrav on September 5th, 2005


Hi,

I have several NAS (Citrix servers, Cisco VPN3030) from which users
can log in via Tokencard and ACE/Servers (SDI).
Now I want to be able to tell that a specific user can only log in from
a specific NAS, and not any other NAS.

How can this be done on win32 servers version 5.1.1?

Next logical question is: Are there any utils/tools that can help me do
this for 1600+ users?


regards
Martin


Posted by Robert on September 5th, 2005


Don't quote me, but I think you're going to have to set up separate ACE
servers and point the devices to the ACE server that houses the
accounts for that device's users. HTH

Robert

Posted by Martin Bilgrav on September 5th, 2005


What you are saying is that I need dedicated servers for each NAS?

"Robert" <robert.edmeister@gmail.com> wrote in message
news:1125950913.260428.27350@g44g2000cwa.googlegroups.com...


Posted by Robert on September 6th, 2005


Actually, now that I think about it more, I would assign users to
specific groups, and assign those groups only to the device that you
want the users to log on to. For example, if you only want accounting
folks to log on to NAS-A, assign them to the accounting group and put
that on NAS-A. Do likewise for other groups and NAS's. Does that make
sense?

Robert

Posted by Martin Bilgrav on September 6th, 2005



"Robert" <robert.edmeister@gmail.com> wrote in a message:
> For example, if you only want accounting

Both yes and no, it makes sense.

I think that this should be done on a per-user basis, since in the condition
where a user needs to be allowed both NAS-a and NAS-b, but not NAS-c, then
what?

But if this can be done - like Cisco ACS - with network device groups, then
it makes sense.




Posted by Vin McLellan on September 7th, 2005


Makes perfect sense. I'm a consultant to RSA. What Robert recommends
-- assign users to groups, then assign each group to the specific NAS
devices you want those users to use -- is almost surely what Martin's
RSA SSE would recommend if he had been asked.

Surete,
_Vin

Posted by Martin Bilgrav on September 8th, 2005



"Vin McLellan" <vin@theworld.com> wrote in message
news:1126100294.610944.138530@f14g2000cwb.googlegroups.com...
Also when I want to have some users allowed on several NAS, but not all NAS?



Posted by Robert on September 9th, 2005


Then you would include their group on several NAS and point them to the
appropriate server.
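
The group-per-NAS approach discussed in this thread can be planned offline before any group is created, including the "several NAS, but not all" case and a user list of 1600+. The following is an added example, not part of any post above and not an RSA tool: it calls no ACE/Server API, and the user names, NAS names and `grp_` naming scheme are constructed assumptions. It places users with identical NAS sets in one group, lists which groups to enable on each NAS, and checks that the plan grants exactly the requested access.

```python
from collections import defaultdict

# Constructed sample data: user -> NAS devices that user may log in from.
ALLOWED = {
    "alice": {"NAS-A"},
    "bob": {"NAS-A", "NAS-B"},
    "carol": {"NAS-A", "NAS-B"},
    "dave": {"NAS-C"},
    "erin": {"NAS-B", "NAS-A"},
}

def plan_groups(allowed):
    """Put users with identical NAS sets in one group; return (members, activations)."""
    by_set = defaultdict(list)
    for user, nas_set in allowed.items():
        if not nas_set:
            raise ValueError(f"{user} has no NAS assigned")
        by_set[frozenset(nas_set)].append(user)
    members, activations = {}, defaultdict(set)
    for nas_set in sorted(by_set, key=lambda s: sorted(s)):
        name = "grp_" + "_".join(sorted(nas_set))  # hypothetical naming scheme
        members[name] = sorted(by_set[nas_set])
        for nas in nas_set:
            activations[nas].add(name)  # this group gets enabled on this NAS
    return members, dict(activations)

def may_login(user, nas, members, activations):
    """True only if one of the user's groups is enabled on that NAS."""
    return any(user in members[g] for g in activations.get(nas, ()))

def verify(allowed, members, activations, all_nas):
    """Return every (user, nas) pair where the plan disagrees with the request."""
    return [(u, n) for u in allowed for n in all_nas
            if may_login(u, n, members, activations) != (n in allowed[u])]

if __name__ == "__main__":
    members, activations = plan_groups(ALLOWED)
    for group, users in members.items():
        print(group, users)
    for nas, groups in sorted(activations.items()):
        print(nas, sorted(groups))
    all_nas = {"NAS-A", "NAS-B", "NAS-C"}
    print("mismatches:", verify(ALLOWED, members, activations, all_nas))
```

The number of groups equals the number of distinct NAS combinations in use, not the number of users, so a large user base usually collapses to a short list.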

