Authentication configurations

The configurations can work for both NMIS and OMK, but is a requisite that SSO is configured first

Supported Versions

  • NMIS 8.7.2

  • opCharts 3.5.1

  • opEvents 2.6.3

  • opConfig 3.5.2

  • opHA 2.2.1

  • opReports 3.4.2

Limit the number of concurrent user sessions

This feature will limit the number of sessions that a user can open at the same time. 

Some specific considerations:

  • Keep in mind to close the user session. The session time out is for user inactivity: if the user doesn’t let the server know that the sessions should be closed, it does not have other way to know if the session should be closed. 
  • All the user sessions can be removed by using the nmis8 cli tool.

Global configurations

Should be specified in nmis (/usr/local/nmis8/conf/Config.nmis) and omk (/usr/local/omk/conf/opCommon.json) configuration: 

'max_sessions_enabled' = true/false => False by default
'max_sessions' = 0...N => No default. Should be specified
'session_dir' => '<nmis_var>/nmis_system/user_session', => Don't need to change. Should be the same for OMK and NMIS. 

The number of max sessions can be changed by user. This is a setting modified in the nmis users file, /usr/local/nmis8/conf/Users.nmis:

  'testuser' => {
    'admission' => 'true',
    'groups' => 'network,123,ABC_Corp,Amazon,Any_Company,Branches,Cloud,Core_Network,DataC$
    'privilege' => 'operator',
    'user' => 'testuser',
    'max_sessions' => 10
  },

How to disable capability for just one user

You can disable the capability when max_sessions is 0, /usr/local/nmis8/conf/Users.nmis:

  'testuser' => {
    'admission' => 'true',
    'groups' => 'network,123,ABC_Corp,Amazon,Any_Company,Branches,Cloud,Core_Network,DataC$
    'privilege' => 'operator',
    'user' => 'testuser',
    'max_sessions' => 0
  },

Sessions won't be tracked for that user. 

How to remove the sessions for one user

It is possible to remove all the open session for an user, using the nmis cli tool: 

/usr/local/nmis8/bin/nmis.pl type=clean_sessions user=USERNAME debug=1

if USERNAME = ALL, it will clean the sessions for all the users. 

Lock a user not logged in certain period of time

It is possible to lock a user if has not logged in for a specified period of time. For example, when set to 3 months, the system will lock an user that has not logged in in the last 3 months. 

  • If an user is not logged in, won't be locked. 
  • The last login time for an user will only be tracked once this versions are update. 

Global configurations

Should be specified in nmis (/usr/local/nmis8/conf/Config.nmis) and omk (/usr/local/omk/conf/opCommon.json) configuration: 

'expire_users' => 'true/false',
'expire_users_after' => 86400 * 90 # Seconds, this is 3 months
'last_login_dir' => '<nmis_var>/nmis_system' => Don't need to change. Should be the same for OMK and NMIS. 

The number of max sessions can be changed per user.

  'nmis' => {
    'admission' => 'true',
    'groups' => 'all',
    'privilege' => 'administrator',
    'user' => 'nmis'
    'expire_after' => 86400 * 30
  },


How to set up one account so the user is never locked

Just set up the user setting to 0. 

In /usr/local/nmis8/conf/Users.nmis:

  'nmis' => {
    'admission' => 'true',
    'groups' => 'all',
    'privilege' => 'administrator',
    'user' => 'nmis'
    'expire_after' => 0
  },


How to unlock an user

You can use the nmis cli tool. It should be run as root:

sudo /usr/local/nmis8/bin/nmis.pl type=unlock_user user=USERNAME debug=1


opHA user

Please, make sure opHA user has set max_sessions to 0 and expire_after in order to work properly, as opHA does not use that cookie information:

  'omkapi' => {
    'user' => 'omkapi',
    'groups' => 'all',
    'privilege' => 'operator',
    'max_sessions' => 0,
    'expire_after' => 0
  },


opReports: Node report does not show Node graphics 

Please, make sure omk/conf/opCommon.nmis nmis_host_base and nmis8/conf/Config.nmis nis_host are properly set up.  

Related pages