Versions Compared

Old Version 2

changes.mady.by.user Josune Cordoba

Saved on

compared with

New Version Current

changes.mady.by.user Josune Cordoba

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

From NMIS 8.7.2 and OMK versions ... the following configurations are available. 

The configurations can work for both NMIS and OMK, but is a requisite that SSO is configured first

Supported Versions

  • NMIS 8.7.2

  • opCharts 3.5.1

  • opEvents 2.6.3

  • opConfig 3.5.2

  • opHA 2.2.1

  • opReports 3.4.2

Limit the number of concurrent user sessions

...

Code Block
  'testuser' => {
    'admission' => 'true',
    'groups' => 'network,123,ABC_Corp,Amazon,Any_Company,Branches,Cloud,Core_Network,DataC$
    'privilege' => 'operator',
    'user' => 'testuser',
    'max_sessions' => 10
  },

How to disable capability for just one user

You can disable the capability when max_sessions is 0, /usr/local/nmis8/conf/Users.nmis:

Code Block
  'testuser' => {
    'admission' => 'true',
    'groups' => 'network,123,ABC_Corp,Amazon,Any_Company,Branches,Cloud,Core_Network,DataC$
    'privilege' => 'operator',
    'user' => 'testuser',
    'max_sessions' => 0
  },

Sessions won't be tracked for that user. 

How to remove the sessions for one user

...

Code Block
/usr/local/nmis8/bin/nmis.pl type=clean_sessions user=USERNAME debug=1

...

if USERNAME = ALL, it will clean the sessions for all the users. 
Lock a user not logged in certain period of time
It is possible to block lock a user if has not logged in for an a specified period of time. For example, when set to 3 months, the system will lock an user that has not logged in in the last 3 months
  • If an user is not logged in, won't be locked. 
  • The last login time for an user will only be tracked once this versions are update. 
Global configurations
Should be specified in nmis (/usr/local/nmis8/conf/Config.nmis) and omk (/usr/local/omk/conf/opCommon.json) configuration: 
 Code Block
'expire_users' => 'true/false',
'expire_users_after' => 86400 * 90 # Seconds, this is 3 months
'last_login_dir' => '<nmis_var>/nmis_system' => Don't need to change. Should be the same for OMK and NMIS. 
The number of max sessions can be changed per user.
 Code Block
  'nmis' => {
    'admission' => 'true',
    'groups' => 'all',
    'privilege' => 'administrator',
    'user' => 'nmis'
    'expire_after' => 86400 * 30
  },

How to set up one account so the user is never locked
...
 Code Block
  'nmis' => {
    'admission' => 'true',
    'groups' => 'all',
    'privilege' => 'administrator',
    'user' => 'nmis'
    'expire_atafter' => 0
  },

How to unlock 
...
an user
You can use the nmis cli tool. It should be run as root:
 Code Block
sudo /usr/local/nmis8/bin/nmis.pl type=unlock_user user=USERNAME debug=1

opHA user
Please, make sure opHA user has set max_sessions to 0 and expire_after in order to work properly, as opHA does not use that cookie information:
 Code Block
  'omkapi' => {
    'user' => 'omkapi',
    'groups' => 'all',
    'privilege' => 'operator',
    'max_sessions' => 0,
    'expire_after' => 0
  },

opReports: Node report does not show Node graphics 
Please, make sure omk/conf/opCommon.nmis nmis_host_base and nmis8/conf/Config.nmis nis_host are properly set up.