The configurations can work for both NMIS and OMK, but is a requisite that SSO is configured first.
Supported Versions
NMIS 8.7.2
opCharts 3.5.1
opEvents 2.6.3
opConfig 3.5.2
opHA 2.2.1
- opReports 3.4.2?
Limit the number of concurrent user sessions
This feature will limit the number of sessions that a user can open at the same time.
Some specific considerations:
- Keep in mind to close the user session. The session time out is for user inactivity: if the user doesn’t let the server know that the sessions should be closed, it does not have other way to know if the session should be closed.
- All the user sessions can be removed by using the nmis8 cli tool.
Global configurations
Should be specified in nmis (/usr/local/nmis8/conf/Config.nmis) and omk (/usr/local/omk/conf/opCommon.json) configuration:
'max_sessions_enabled' = true/false => False by default 'max_sessions' = 0...N => No default. Should be specified 'session_dir' => '<nmis_var>/nmis_system/user_session', => Don't need to change. Should be the same for OMK and NMIS.
The number of max sessions can be changed by user. This is a setting modified in the nmis users file, /usr/local/nmis8/conf/Users.nmis:
'testuser' => { 'admission' => 'true', 'groups' => 'network,123,ABC_Corp,Amazon,Any_Company,Branches,Cloud,Core_Network,DataC$ 'privilege' => 'operator', 'user' => 'testuser', 'max_sessions' => 10 },
How to disable capability for just one user
You can disable the capability when max_sessions is 0, /usr/local/nmis8/conf/Users.nmis:
'testuser' => { 'admission' => 'true', 'groups' => 'network,123,ABC_Corp,Amazon,Any_Company,Branches,Cloud,Core_Network,DataC$ 'privilege' => 'operator', 'user' => 'testuser', 'max_sessions' => 0 },
Sessions won't be tracked for that user.
How to remove the sessions for one user
It is possible to remove all the open session for an user, using the nmis cli tool:
/usr/local/nmis8/bin/nmis.pl type=clean_sessions user=USERNAME debug=1
if USERNAME = ALL, it will clean the sessions for all the users.
Block a user not logged in certain period of time
It is possible to block a user if has not logged in for a specified period of time. For example, when set to 3 months, the system will block a user that has not logged in in the last 3 months.
- If an user is not logged in, won't be locked.
- The last login time for an user will only be tracked once this versions are update.
Global configurations
Should be specified in nmis (/usr/local/nmis8/conf/Config.nmis) and omk (/usr/local/omk/conf/opCommon.json) configuration:
'expire_users' => 'true/false', 'expire_users_after' => 86400 * 90 # Seconds, this is 3 months 'last_login_dir' => '<nmis_var>/nmis_system' => Don't need to change. Should be the same for OMK and NMIS.
The number of max sessions can be changed by user.
'nmis' => { 'admission' => 'true', 'groups' => 'all', 'privilege' => 'administrator', 'user' => 'nmis' 'expire_after' => 86400 * 30 },
How to set up one account so the user is never locked
Just set up the user setting to 0.
In /usr/local/nmis8/conf/Users.nmis:
'nmis' => { 'admission' => 'true', 'groups' => 'all', 'privilege' => 'administrator', 'user' => 'nmis' 'expire_after' => 0 },
How to unlock an user
You can use the nmis cli tool. It should be run as root:
sudo /usr/local/nmis8/bin/nmis.pl type=unlock_user user=USERNAME debug=1
opHA user
Please, make sure opHA user has set max_sessions to 0 and expire_after in order to work properly, as opHA does not use that cookie information:
'omkapi' => { 'user' => 'omkapi', 'groups' => 'all', 'privilege' => 'operator', 'max_sessions' => 0, 'expire_after' => 0 },
opReports: Node report does not show Node graphics
Please, make sure omk/conf/opCommon.nmis nmis_host_base and nmis8/conf/Config.nmis nis_host are properly set up.