Hi all,
I am looking for a shell command to deactivate and activate a user. We want to prevent some users during specific timeframes during the day so they can't login with their VPN clients. We are already using a shell command / cronjob to deactivate/activate Site-To-Site VPN tunnels. Does anyone know such a command for users? Couldn't find anything yet online.
Thanks.
Hello Christopher Mudersbach1,Thank you for reaching out to the community, you may use API: https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf
Thanks & Regards,_______________________________________________________________
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Sophos Community | Product Documentation | Sophos Techvids | SMSIf a post solves your question please use the 'Verify Answer' button.
Hallo Christopher and welcome to the UTM Community!
Probably the easiest way to have different people login at different times would be to have different SSL VPN Profiles with different members and then disable one and enable the other at a specific time. You would need to know the REF_ of each Profile:
# cc get_objects ssl_vpn remote_access_profile|grep \'ref
With that, you see that the 'Restricted' Profile is REF_SslRemRestrict. You disable a Profile by setting its status to 0 and enable it by setting the status to 1. To disable the 'Restricted' Profile:
# cc change_object REF_SslRemRestrict status 0
I suspect that that would not disconnect someone already connected though.
You can get the VPN IP of user Josh with:
# /usr/local/bin/openvpn_connections.sh|grep Josh
Assuming that that lets you know that Josh is on 10.242.2.4, you can disconnect him with :
# /usr/bin/ras_update.plx ssl disconnect username Josh 10.242.2.4
Cheers - Bob
You can use the usermod command to change a user's login shell. usermod -s /sbin/nologin myuser. or usermod -s /usr/sbin/nologin myuser.