Deactivate/Activate User - Shell Command

Question

Hi all, 
 I am looking for a shell command to deactivate and activate a user. We want to prevent some users during specific timeframes during the day so they can't login with their VPN clients. We are already using a shell command / cronjob to deactivate/activate Site-To-Site VPN tunnels. Does anyone know such a command for users? Couldn't find anything yet online. 
 Thanks.

BAlfson · Accepted Answer

Hallo Christopher and welcome to the UTM Community! 
 
 Probably the easiest way to have different people login at different times would be to have different SSL VPN Profiles with different members and then disable one and enable the other at a specific time. You would need to know the REF_ of each Profile: 
 # cc get_objects ssl_vpn remote_access_profile|grep \'ref 
 With that, you see that the 'Restricted' Profile is REF_SslRemRestrict. You disable a Profile by setting its status to 0 and enable it by setting the status to 1. To disable the 'Restricted' Profile: 
 # cc change_object REF_SslRemRestrict status 0 
 I suspect that that would not disconnect someone already connected though. 
 You can get the VPN IP of user Josh with: 
 # /usr/local/bin/openvpn_connections.sh|grep Josh 
 Assuming that that lets you know that Josh is on 10.242.2.4, you can disconnect him with : 
 # /usr/bin/ras_update.plx ssl disconnect username Josh 10.242.2.4 
 Cheers - Bob

Deactivate/Activate User - Shell Command

Top Replies