Sophos UTM: Decommissioning of obsolete URL categorization services CFFS.Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Deactivate/Activate User - Shell Command

Hi all,

I am looking for a shell command to deactivate and activate a user. We want to prevent some users during specific timeframes during the day so they can't login with their VPN clients. We are already using a shell command / cronjob to deactivate/activate Site-To-Site VPN tunnels. Does anyone know such a command for users? Couldn't find anything yet online.


This thread was automatically locked due to age.
  • Hallo Christopher and welcome to the UTM Community!

    Probably the easiest way to have different people login at different times would be to have different SSL VPN Profiles with different members and then disable one and enable the other at a specific time.  You would need to know the REF_ of each Profile:

         # cc get_objects ssl_vpn remote_access_profile|grep \'ref

    With that, you see that the 'Restricted' Profile is REF_SslRemRestrict.   You disable a Profile by setting its status to 0 and enable it by setting the status to 1.  To disable the 'Restricted' Profile:

         # cc change_object REF_SslRemRestrict status 0

    I suspect that that would not disconnect someone already connected though.  

    You can get the VPN IP of user Josh with:

         # /usr/local/bin/|grep Josh

    Assuming that that lets you know that Josh is on, you can disconnect him with :

         # /usr/bin/ras_update.plx ssl disconnect username Josh

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply Children
No Data