Deactivate/Activate User - Shell Command

Hi all,

I am looking for a shell command to deactivate and activate a user. We want to prevent some users during specific timeframes during the day so they can't log in with their VPN clients. We are already using a shell command / cronjob to deactivate/activate Site-To-Site VPN tunnels. Does anyone know such a command for users? Couldn't find anything yet online.

Thanks.

  • Hallo Christopher and welcome to the UTM Community!

    Probably the easiest way to have different people log in at different times would be to have different SSL VPN Profiles with different members and then disable one and enable the other at a specific time.  You would need to know the REF_ of each Profile:

         # cc get_objects ssl_vpn remote_access_profile|grep \'ref

    With that, you see that the 'Restricted' Profile is REF_SslRemRestrict.   You disable a Profile by setting its status to 0 and enable it by setting the status to 1.  To disable the 'Restricted' Profile:

         # cc change_object REF_SslRemRestrict status 0

    I suspect that that would not disconnect someone already connected though.  

    You can get the VPN IP of user Josh with:

         # /usr/local/bin/openvpn_connections.sh|grep Josh

    Assuming that that lets you know that Josh is on 10.242.2.4, you can disconnect him with:

         # /usr/bin/ras_update.plx ssl disconnect username Josh 10.242.2.4

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
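
The steps in the reply above, combined into one helper for a cron job. This is an added example, not part of the reply and not Sophos code. The function names, `DRY_RUN` and `VPN_POOL_PREFIX` are hypothetical, and the script assumes each line of `openvpn_connections.sh` output contains the username and that user's VPN IP; the sample lines are constructed.

```shell
#!/bin/sh
# Added example. Hypothetical names: run, set_profile, vpn_ips_for_user,
# disconnect_user, DRY_RUN, VPN_POOL_PREFIX. Assumption: every line of
# openvpn_connections.sh output holds the username and that user's VPN IP.
DRY_RUN="${DRY_RUN:-1}"                          # 1 = print commands only
VPN_POOL_PREFIX="${VPN_POOL_PREFIX:-10.242.2.}"  # pool of the IP in the thread

# Constructed sample of a connection listing (the real format may differ).
SAMPLE='Josh 203.0.113.7:40112 10.242.2.4
Joshua 198.51.100.9:40200 10.242.2.7
Maria 110.242.2.5:40300 10.242.2.9'

# Print the command; execute it only when DRY_RUN=0.
run() {
    echo "$*"
    if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# set_profile REF_xxx enable|disable
# Rejects anything that is not a plain REF_ name before it reaches cc.
set_profile() {
    case "$1" in
        REF_*[!A-Za-z0-9_]*) echo "bad ref: $1" >&2; return 2 ;;
        REF_?*) ;;
        *) echo "bad ref: $1" >&2; return 2 ;;
    esac
    case "$2" in
        enable)  status=1 ;;
        disable) status=0 ;;
        *) echo "usage: set_profile REF_xxx enable|disable" >&2; return 2 ;;
    esac
    run cc change_object "$1" status "$status"
}

# Read a connection listing on stdin; print the user's VPN-pool IPs.
# -Fw matches the name as a whole word, so "Josh" does not hit "Joshua";
# the awk filter drops the client's public address.
vpn_ips_for_user() {
    grep -Fw -- "$1" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
        awk -v p="$VPN_POOL_PREFIX" 'index($0, p) == 1' | sort -u
}

# Read a connection listing on stdin; disconnect every session of the user.
disconnect_user() {
    vpn_ips_for_user "$1" | while read -r ip; do
        run /usr/bin/ras_update.plx ssl disconnect username "$1" "$ip" </dev/null
    done
}
```

In a cron job, disable the profile first and then pipe `/usr/local/bin/openvpn_connections.sh` into `disconnect_user` for each member, so a dropped client cannot reconnect during the window. Leave `DRY_RUN` at 1 until the printed commands match what you expect.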