Super Contributor II

Enforcement policy checking whether an AD account has been disabled

I'm trying to push the rollout of EAP-TLS-based authentication. One of the requirements I've got is that I need to check whether the user using the cert has had their account revoked.

Now I reckon I could do something similar in a number of ways, but assuming that the cert CN = their userid, can I check for the status of an AD account as part of an enforcement policy, i.e. to see if it's revoked?

 

Super Contributor II

Re: Enforcement policy checking whether an AD account has been disabled

Not sure what I was thinking with the last sentence. Logic is

If (ad account disabled)

 Send access-reject

else

 perform ocsp cert validation  and act upon result
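
The decision order described in the posts above, sketched as an added example that is not part of the thread and is not policy-server configuration. It assumes the certificate CN equals the AD sAMAccountName, uses the `ACCOUNTDISABLE` bit (0x2) of the AD `userAccountControl` attribute, stands in a constructed dictionary for the LDAP search, and takes a hypothetical `ocsp_check` callable; rejecting on any OCSP status other than "good" is also an assumption.

```python
import re

UF_ACCOUNTDISABLE = 0x0002  # userAccountControl bit AD sets on a disabled account

def cn_from_subject(subject_dn):
    """Return the unescaped CN from an RFC 4514-style subject string, or None."""
    m = re.search(r"(?:^|,)\s*CN=((?:\\.|[^,\\])+)", subject_dn, re.IGNORECASE)
    return re.sub(r"\\(.)", r"\1", m.group(1)).strip() if m else None

def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters so a crafted CN cannot change the query."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def lookup_filter(user_id):
    """Filter a real deployment would send to AD for this user id."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % ldap_escape(user_id)

def is_disabled(entry):
    return bool(int(entry["userAccountControl"]) & UF_ACCOUNTDISABLE)

def decide(subject_dn, directory, ocsp_check):
    """directory: dict of lowercase sAMAccountName -> attributes (stand-in for LDAP).
    ocsp_check: hypothetical callable returning 'good', 'revoked' or 'unknown'."""
    user_id = cn_from_subject(subject_dn)
    if not user_id:
        return "reject: no CN in certificate"
    entry = directory.get(user_id.lower())
    if entry is None:
        return "reject: no matching AD account"
    if is_disabled(entry):
        return "reject: AD account disabled"  # OCSP is never consulted here
    status = ocsp_check(subject_dn)
    return "accept" if status == "good" else "reject: OCSP status " + status

# Constructed sample data, not taken from any real directory.
SAMPLE_DIRECTORY = {
    "jsmith": {"userAccountControl": "512"},  # NORMAL_ACCOUNT
    "bjones": {"userAccountControl": "514"},  # NORMAL_ACCOUNT | ACCOUNTDISABLE
}

if __name__ == "__main__":
    for dn in ("CN=jsmith,OU=Staff,DC=example,DC=com",
               "CN=bjones,OU=Staff,DC=example,DC=com"):
        print(dn, "->", decide(dn, SAMPLE_DIRECTORY, lambda _dn: "good"))
```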

 

Guru Elite

Re: Enforcement policy checking whether an AD account has been disabled
