You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

The configurations can work for both NMIS and OMK, but is a requisite that SSO is configured first

Supported Versions

  • NMIS 8.7.2

  • opCharts 3.5.1

  • opEvents 2.6.3

  • opConfig 3.5.2

  • opHA 2.2.1

  • opReports 3.4.2?

Limit the number of concurrent user sessions

This feature will limit the number of sessions that a user can open at the same time. 

Some specific considerations:

  • Keep in mind to close the user session. The session time out is for user inactivity: if the user doesn’t let the server know that the sessions should be closed, it does not have other way to know if the session should be closed. 
  • All the user sessions can be removed by using the nmis8 cli tool.

Global configurations

Should be specified in nmis (/usr/local/nmis8/conf/Config.nmis) and omk (/usr/local/omk/conf/opCommon.json) configuration: 

'max_sessions_enabled' = true/false => False by default
'max_sessions' = 0...N => No default. Should be specified
'session_dir' => '<nmis_var>/nmis_system/user_session', => Don't need to change. Should be the same for OMK and NMIS.

The number of max sessions can be changed by user. This is a setting modified in the nmis users file, /usr/local/nmis8/conf/Users.nmis:

  'testuser' => {
    'admission' => 'true',
    'groups' => 'network,123,ABC_Corp,Amazon,Any_Company,Branches,Cloud,Core_Network,DataC$
    'privilege' => 'operator',
    'user' => 'testuser',
    'max_sessions' => 10
  },


How to remove the sessions for one user

It is possible to remove all the open session for an user, using the nmis cli tool: 

/usr/local/nmis8/bin/nmis.pl type=clean_sessions user=USERNAME debug=1

if USERNAME = ALL, it will clean the sessions for all the users. 

Block a user not logged in certain period of time

It is possible to block a user if has not logged in for a specified period of time. For example, when set to 3 months, the system will lock an user is has not logged in in the last 3 months. 

  • If an user is not logged in, won't be locked. 
  • The last login time for an user will only be tracked once this versions are update. 

Global configurations

Should be specified in nmis (/usr/local/nmis8/conf/Config.nmis) and omk (/usr/local/omk/conf/opCommon.json) configuration: 

'expire_users' => 'true/false',
'expire_users_after' => 86400 * 90 # Seconds, this is 3 months
'last_login_dir' => '<nmis_var>/nmis_system' => Don't need to change. Should be the same for OMK and NMIS.

The number of max sessions can be changed by user.

  'nmis' => {
    'admission' => 'true',
    'groups' => 'all',
    'privilege' => 'administrator',
    'user' => 'nmis'
    'expire_after' => 86400 * 30
  },


How to set up one account so the user is never locked

Just set up the user setting to 0. 

In /usr/local/nmis8/conf/Users.nmis:

  'nmis' => {
    'admission' => 'true',
    'groups' => 'all',
    'privilege' => 'administrator',
    'user' => 'nmis'
    'expire_after' => 0
  },


How to unlock an user

You can use the nmis cli tool. It should be run as root:

sudo /usr/local/nmis8/bin/nmis.pl type=unlock_user user=USERNAME debug=1



  • No labels