Limit login per user

Similar Messages

• Limit BTC per user

  Hi,
  SAP R3 on my system, I need to limit the amount of work processes BTC per user, because some users launch several processes at the same time causing inconvenience in the whole system.
  Is there any parameter or report that can control this situation?
  Regards
  Marco Sousa

  Hi,
  As per my knowledge, there is no such option where you can limit the usuage of BTC work process as per user. The alternate would be firstly educate users strictly not to run any huge reports in background during the peak time or remove the access of executing in background. Other thing is look at the possibility of increasing the BTC process if bussiness requirement needs them to execute in background. If resources are not sufficient to increase the BTC process then configure the operation modes and convert the dialog process to BTC process.
  Regards,
  Sharath

• LDAP auth & limit logins per host

  I'm using LDAP auth. using ldapclient init to setup the ldap auth. Have a SunOne LDAP server.
  I'm interested in doing auth filters - like what Linux does with PAM. I've got PAM_LDAP to work, but since Sun does not use the OpenLDAP convention of /etc/ldap.conf - I can't setup the nss_user filters in there or nss_base_passwd dc=....
  does anyone know how to do this in Solaris? Can I enter something into the ldap_cred file? I tried to do a serviceSearchDescriptor and put passwd:dc=x,dc=y?one?(|(uid=x)(uid=y)) in the ldapCredFile but that gave me a search filter error
  I really do not want to use NetGroups.
  Thanks in advance. I have seem a few posts for this questions but no real answers.
  I can't believe that there is no way to do this...

  I actually was able to solve my problem. What I did was the following
  in my profile setup in the LDAP server I set
  servieSearchDescriptor: passwd:dc=x,dc=y,dc=x?sub?|(attribute1=value)(attribute2=value)
  This makes the password lookup look for the user only if a subsearch (sub) matches the attributes above.
  For example - I could limit logins to only the people who have a shell=/bin/bash by saying ...sub?|(loginShell=/bin/bash)(loginShell=/usr/bin/bash)
  I would also want to make a similar serviceSearchDescriptor line for shadow. So I would have two of these in my Profile on the LDAP server , one with passwd: and one with shadow:

• Limit bandwidth per user/computer using Catalyst 3560 switch

  Hi -
  Can someone help me getting started (if at all possible...) with enabling controll of used bandwidth at a "per-user"-level.
  I wonder if it possible to do this dynamicly with respect to the overall demand from other users.
  I've searching a lot, but I'm missing the terminology :) 
  Sincerly
  Nicholas

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  To my knowledge, what you want to accomplish isn't possible on a 3560.
  You can police at ingress, and if you use a policy map, you can police different "known" IPs.
  What you could do, is police user ports ingress at some nomimal bandwidth, and if exceeded, mark the packets.  Then on egress, you could direct those packets to an different egress queue with a lower bandwidth guarantee than the normal queue.

• Problem with a lot of logins per user

  We are using 2 (4 controllers) WiSM version 5.2.178.0 Controllers with WPA2/CCKM 802.1x EAP-MSCHAPv2 using freeradius v2 and eDirecvtory as backend.
  About 500 1142 AP:s and 2400 clients.
  The clients are running unmanaged Windows 7.
  Clients are authenticating about 10- 20 times in a minute.
  This causes heavy load on the Radius/eDirectory servers.
  The clients having Atheros AT9285 wifi card without CCX support.
  Our users also complains about having to reconnect frequently.
  Any ideas how to reduce radius logins?
  Henrik Hartelius
  *Sep 14 16:37:59.825: c4:46:19:61:57:58 Unable to compute a valid PMKID from dot1x PMK cache for mobile c4:46:19:61:57:58
  *Sep 14 16:37:59.825: c4:46:19:61:57:58 Found an entry in the global PMK cache for station c4:46:19:61:57:58
  *Sep 14 16:37:59.825: CCKM: AA (6)
  *Sep 14 16:37:59.825:      [0000] fc fb fb d8 7a a0
  *Sep 14 16:37:59.825: CCKM: SPA (6)
  *Sep 14 16:37:59.825:      [0000] c4 46 19 61 57 58
  *Sep 14 16:37:59.825: CCKM: AA (6)
  *Sep 14 16:37:59.825:      [0000] fc fb fb d8 7a a0
  *Sep 14 16:37:59.825: CCKM: SPA (6)
  *Sep 14 16:37:59.825:      [0000] c4 46 19 61 57 58
  *Sep 14 16:37:59.825: c4:46:19:61:57:58 Unable to compute a valid PMKID from global PMK cache for mobile c4:46:19:61:57:58
  *Sep 14 16:37:59.825: c4:46:19:61:57:58 85.188.98.23 RUN (20) Change state to START (0) last state RUN (20)
  *Sep 14 16:37:59.825: c4:46:19:61:57:58 85.188.98.23 START (0) Initializing policy
  *Sep 14 16:37:59.825: c4:46:19:61:57:58 85.188.98.23 START (0) Change state to AUTHCHECK (2) last state RUN (20)
  *Sep 14 16:37:59.825: c4:46:19:61:57:58 85.188.98.23 AUTHCHECK (2) Change state to 8021X_REQD (3) last state RUN (20)
  *Sep 14 16:37:59.825: c4:46:19:61:57:58 85.188.98.23 8021X_REQD (3) Plumbed mobile LWAPP rule on AP fc:fb:fb:d8:7a:a0 vapId 6 apVapId 1
  *Sep 14 16:37:59.825: c4:46:19:61:57:58 apfPemAddUser2 (apf_policy.c:210) Changing state for mobile c4:46:19:61:57:58 on AP fc:fb:fb:d8:7a:a0 from Associated to Associated

  If the client does not use CCX, then you should not be using CCKM as the keying method, you should use 802.1x.  But from what I am seeing, the client is not sending a valid PMK, so we can't fast roam them, they have to do a full AAA authenticaiton.  My other normal suggestion would be to check for updated drivers but as they are "unmanaged, this may not be feasible

• Need to limit ram per user +cpu usage % and internet speed

  I go into Windows System Resource Management but I only see limit by process. I need to be able to say limit "greg" to only be able to use a total of 5GB of ram and say 10% of the total available cpu usage. I saw some people suggesting to set up
  proxies for speed limiting but have no idea on how to go about doing that. Or if any1 has any software ideas like I'v tried Net Limiter 3 b4 but it was buggy and stopped other things from working properly on my pc plus don't know if I can use it on server.
  so just to clarify if they are running 1 program they can only uses say the 5GB of ram or if there using 5 differant programs there still limited to only using 5GB of ram.
  Thanks all in advance,
                                      Blue

  Hi,
  You can use the System Resource Manager if you are using the Server 2008R2 or previous edition server, You can set an upper limit on the working set of a matched process,
  but about the RAM limits there have some additional considerations:
  • Do not use memory limits in Windows System Resource Manager to manage applications or processes that modify their own memory limits dynamically. This can interfere with
  the correct operation of Windows System Resource Manager and the managed application.
  •As a best practice, use CPU targets to manage resources. Apply memory limits selectively to applications that exhibit memory consumption issues. Excessively limiting the
  memory that is available to an application can increase the time it takes the application to complete a task, and it can increase disk usage.
  More detail please refer the following related KB:
  Understanding Memory Management in Windows System Resource Manager
  http://technet.microsoft.com/en-us/library/cc753446.aspx
  More information:
  Can a process be limited on how much physical memory it uses?
  http://blogs.technet.com/b/clinth/archive/2012/10/11/can-a-process-be-limited-on-how-much-physical-memory-it-uses.aspx
  Install Windows System Resource Manager
  http://technet.microsoft.com/en-us/library/cc753939.aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Limit the number of session per user in the Wired dot1x environment with ISE 1.2

  Hello,
  I need to check if there is any configuration/workaround to limit the number of sessions/access per user in the Wired dot1x configuration.
  I need to check if this feature is available or not to solve the following scenario:
  I have 2 SW ports configured to use dot1x authentication with ISE 1.2 server.
  If user A connects to the 1st port and authenticated then he will placed on a VLAN based on the authorization profile.
  The case, that I need to deny the same user to connect on a different machine with the same credentials.
  The ISE itself does not have this feature currently,  the only feature available is to limit the number of sessions for the guest user.
  Is there any workaround on the Cisco switches to solve this? Cisco WLC has this feature and for the VPN we can limit the number of sessions also from the ASA itself.
  Thanks.

  limit number of session per user using wired dot1x is not available in 1.3

• Per user bandwidth rate limit.

                     How to configure per user bandwidth rate limit for wireless guest client, authentication server is ISE 1.2 & wireless controller is 5760.

  The Cisco 5760 WLC supports better QoS than other c
  ontrollers, allowing prioritization of mission-crit
  ical
  applications:
  ●
  The Cisco 5760 WLC supports four wireless hardware
  queues and priority-based queuing compared to
  software-based queuing in existing controllers.
  ●
  The Cisco 5760 WLC follows MQC based commands, allo
  wing usage of exact commands for configuring
  QoS on different types of network devices.
  ●
  The Cisco 5760 WLC supports QoS policies to be appl
  ied in a hierarchical fashion with more granularity
  per SSID per radio, while on the current controller
  s granularity is per WLAN.
  ●
  The Cisco 5760 WLC supports approximate fair bandwi
  dth to make sure of fairness at client, SSID, and
  radio levels for Non-Real Time (NRT) traffic. There
  fore, if one user consumes excessive bandwidth, we
  can
  limit the amount of bandwidth that user receives an
  d thereby not deprive other users.

• "Make proxy settings per-machine (rather than per user)" Group Policy setting not applied until login as a local Administrator

  We want to deploy to all our desktop the pac file to configure proxy. We have a Windows 2008 R2 server, and i've enabled the GPO "Make proxy settings per-machine (rather than per user)", and i've add a registry key AutoConfigURL in "HKLM\Software\Microsoft\Windows\Current
  Version\Internet Settings" with the pac file link.
  I've tested on my pc, and all was configured without any problem. I've try to login to my computer with another user (without admin rights) and the automatic configuration proxy was compiled and not modificable. It's seems that all works.
  But, our users are not local admin, so i've tried to deploy the GPO in a collegue computer. I've forced the update of GPO, checked on registry that all new keys are added, and i've reboot the pc. When i've check on IE settings, autoconfig URL was empty and
  grey. I'm disconnected from user and i've login to the pc with a local admin. With my surprise, the IE settings was compiled. When i'm come bac to the user profile the IE settings was compiled and not modificable.
  The problem is: i've over 750 users in 3 countries, and i don't want grant them the local admin permissions. How can i configure proxy settings via GPO without login to every machine at least one time?

  > have a Windows 2008 R2 server, and i've enabled the GPO "Make proxy
  > settings per-machine (rather than per user)", and i've add a registry
  > key AutoConfigURL in "HKLM\Software\Microsoft\Windows\Current
  > Version\Internet Settings" with the pac file link.
  In the past, we experienced various issues with machine proxy settings,
  so we don't use them anymore. The simple approach:
  Block access to the connections page through ADM template settings and
  deploy the proxy through GPP Internet Settings.
  This is what we do (with a pac file, too), and it works well :)
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Limit dialog processes per user

  Hello,
  We would like to know if it possible to limit dialog processes per user.
  We have a user that he runs every dialog processes without permissions and we would like to limit the number of such processes to, for example, 5. This processes are an RFC for external java program.
  Thanks and regards,
  Néstor.

  <removed by moderator>
  Do not copy and paste. Always quote the source
  Read the "Rules of Engagement"
  Edited by: Juan Reyes on Jan 12, 2010 9:39 AM

• Can you limit the amount of data accessed per user on an AirPort Extreme?

  Can you limit the amount of data accessed per user on an AirPort Extreme?

  Your question was whether the AirPort Extreme is able to establish data limits per user.
  If you add another router that has this type of capability or install software on another router, then you will be able to establish data limits for each user. The AirPort Extreme will have no control over this.

• Render page as per User language after login

  Hello,
  I am using Jdev 11.1.1.6 with ADFBC and Faces.
  In our application, user can set default language. It is expected that after login, all contents should be displayed as per user language locale (assuming locale is supported and locale specific resource bundle exists).
  So there is SignInPage and HomePage. I need to access the DB (using methodAction binding for a AM method, that reads the user preference and returns the language) before forwarding to HomePage.
  Code to forward to HomePage is something like this:
  FacesContext ctx = FacesContext.getCurrentInstance();
  RequestDispatcher dispatcher =
  request.getRequestDispatcher(forwardUrl);
  dispatcher.forward(request, response);
  ctx.responseComplete();
  End User locale handling is done by defining ViewHandler class in faces-config file. Implementation is explained here
  Problems faced:
  1) I tried to execute the operation binding but got null pointer...in FacesCtrlActionBinding._execute(FacesCtrlActionBinding.java:252)
  2) I tried to redirect using external.encodeActionURL(actionURL) but got illegalStateException...Response is already committed
  It works fine if user after login either just press F5 to refresh the page OR reset the language again using the preference screen.
  How do I get it to work at login? Where can I tap-in the methodAction call between SignInPage and HomePage, so that HomePage is rendered according to language?
  Any help/pointer is highly appreciated.
  Thanks,
  Jai

  Hi,
  1) I tried to execute the operation binding but got null pointer...in FacesCtrlActionBinding._execute(FacesCtrlActionBinding.java:252)
  If you mean ADF operation binding then this only is available if a request is routed through the binding filter. Note that the PageDef file for a page needs to be parsed before the content becomes available as an object at runtime.
  2) I tried to redirect using external.encodeActionURL(actionURL) but got illegalStateException...Response is already committed
  Why don't you use facesContext --> externalContext --> redirect(...) to perform the redirect, The dispatcher.forward() surely doesn't do this
  3) How do I get it to work at login? Where can I tap-in the methodAction call between SignInPage and HomePage, so that HomePage is rendered according to language?
  Programmatic authentication as explained in the Fusion Developer Guide (chapter 30 if I recall correctly) would give you a chance to set the language. However, the language is not set on the ViewObject but should be set on JSF by changing the default language, e.g.
  FacesContext.getCurrentInstance().getViewRoot().setLocale(Locale.ENGLISH);
  Frank

• R12 Restrict Parallel Concurrent Requests Per User to a Limit.

  Hi everyone,
  Is it possible to restrict parallel concurrent requests per user to a limit.
  e.g. UserA sending concurrent requests to submit 15 heavy reports one after another. After 2 minutes he feels free. Now 15 reports running in parallel are heavy enough to take system's performance down. Is there a way to restricting parallal reports by a single user to 5.
  Waitning........
  Regrads,
  M. Farooq Khan.

  Hi,
  Please check the profile optiion
  Concurrent:Active Request Limit
  Thanks,

• Limit on devices per user that can connect to Office Mobile or Office for iPad apps?

  We are are on an E3 license for Office 365. What is the maximum number of devices that a user can connect to the various mobile apps? I had hard 5 was the max, but can not find any documentation to support this. We are interested in using both Office Mobile
  and the new Office for iPad apps and want to understand any restrictions at the user level. Thanks.

  Hi,
  You are correct 5 devices max per user, these devices could be a PC/Tablet/Phone etc... (they all count as a device)
  see the second row on this page http://office.microsoft.com/en-gb/business/compare-all-office-365-for-business-plans-FX104051403.aspx
  Daniel

• Mail Per User Quotas Not Working

  We just migrated from 10.9 server to the new 10.10 server and noticed that our per user mail quotas were no longer working.  If I change the Server app - Mail setting - to have a global mail quota on it work, however, we have a few accounts that we need to leave unlimited and the per user quota will not override the global quota.  So far we have had to leave the global quota disabled because of this.
  Even without global quota turned off - trying to set per user mail limits is still not working.  We are changing it thru the Server app and clicking users - selecting a user - then select edit mail options - and changing the setting for the limit size.  No matter what we set it to - it will not work.
  Does anyone know what command or how to change the per user quota limits from the command line?  I found that Dovecotadm quota -u username  shows you what the quota is, but I am stumped as how to change it via a command line or thru another method since the server app is not working.
  Any help would be appreciated!
  ps. Also posted my doveconf -n file below, but I am missing if there is anything not configured properly.
  bash-3.2# dovecot -n
  bash: dovecot: command not found
  bash-3.2# doveconf -n
  # 2.2.5: /Library/Server/Mail/Config/dovecot/dovecot.conf
  # OS: Darwin 14.1.0 x86_64  hfs
  aps_topic = com.apple.mail.XServer.a1c54f6d-f4ad-4431-b882-0f11570dd637
  auth_mechanisms = cram-md5 plain login
  auth_socket_path = /var/run/dovecot/auth-userdb
  auth_username_format = %n
  debug_log_path = /Library/Logs/Mail/mail-debug.log
  default_internal_user = _dovecot
  default_login_user = _dovenull
  disable_plaintext_auth = no
  first_valid_gid = 6
  first_valid_uid = 6
  imap_id_log = *
  imap_id_send = "name" * "version" *
  imap_urlauth_submit_user = submit
  info_log_path = /Library/Logs/Mail/mail-info.log
  log_path = /Library/Logs/Mail/mail-err.log
  login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
  mail_access_groups = mail
  mail_attribute_dict = file:/Library/Server/Mail/Data/attributes/attributes.dict
  mail_location = maildir:/Library/Server/Mail/Data/mail/%u
  mail_log_prefix = "%s(pid %p user %u): "
  mail_plugins = quota zlib acl fts fts_sk
  managesieve_notify_capability = mailto
  managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
  mdbox_rotate_size = 200 M
  namespace acl-mailboxes {
    list = children
    location = maildir:/Library/Server/Mail/Data/mail/users/%%u:INDEX=/Library/Server/Mail/Dat a/mail/shared/%%u
    prefix = shared.%%u.
    separator = .
    subscriptions = no
    type = shared
  namespace inbox {
    inbox = yes
    location =
    mailbox Drafts {
      special_use = \Drafts
    mailbox Junk {
      special_use = \Junk
    mailbox Sent {
      special_use = \Sent
    mailbox "Sent Messages" {
      special_use = \Sent
    mailbox Trash {
      special_use = \Trash
    prefix =
  namespace list-archives {
    list = children
    location = maildir:/Library/Server/Mail/Data/listserver/messages/archive/lists/%%u:INDEX=/ Library/Server/Mail/Data/listserver/messages/archive/shared/%%u
    prefix = archives.%%u.
    separator = .
    subscriptions = no
    type = shared
  passdb {
    driver = od
  passdb {
    args = /Library/Server/Mail/Config/dovecot/submit.passdb
    driver = passwd-file
  plugin {
    acl = vfile:/Library/Server/Mail/Config/dovecot/global-acls:cache_secs=300
    acl_shared_dict = file:/Library/Server/Mail/Data/shared/shared-mailboxes
    fts = sk
    quota = maildir:User quota
    quota_warning = storage=100%% quota-exceeded %u
    quota_warning2 = storage=85%% quota-warning %u
    sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve
    sieve_dir = /Library/Server/Mail/Data/rules/%u
    stats_refresh = 30 secs
    stats_track_cmds = yes
  protocols = imap lmtp sieve pop3
  quota_full_tempfail = yes
  service auth {
    extra_groups = _keytabusers
    idle_kill = 15 mins
    unix_listener auth-userdb {
      user = _dovecot
  service dns_client {
    unix_listener dns-client {
      mode = 0600
  service imap-login {
    inet_listener imap {
      port = 143
    inet_listener imaps {
      port = 993
      ssl = yes
    service_count = 0
  service imap {
    client_limit = 5
    process_limit = 200
    service_count = 0
  service indexer-worker {
    user = _dovecot
  service lmtp {
    unix_listener lmtp {
      mode = 0600
  service managesieve-login {
    inet_listener sieve {
      port = 4190
  service pop3-login {
    inet_listener pop3 {
      port = 110
    inet_listener pop3s {
      port = 995
      ssl = yes
  service pop3 {
    client_limit = 5
    process_limit = 200
    service_count = 0
  service quota-exceeded {
    executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-exceeded .sh
    unix_listener quota-exceeded {
      group = mail
      mode = 0660
      user = _dovecot
    user = _dovecot
  service quota-warning {
    executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-warning. sh
    unix_listener quota-warning {
      group = mail
      mode = 0660
      user = _dovecot
    user = _dovecot
  service stats {
    fifo_listener stats-mail {
      mode = 0600
      user = _dovecot
  ssl = required
  ssl_ca = </etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.chai n.pem
  ssl_cert = </etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.cert .pem
  ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!ADH:!eNULL
  ssl_key = </etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.key. pem
  ssl_key_path = /etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.key.p em
  userdb {
    args = partition=/Library/Server/Mail/Config/dovecot/partition_map.conf global_quota=0 enforce_quotas=yes
    driver = od
  userdb {
    args = /Library/Server/Mail/Config/dovecot/submit.passdb
    driver = passwd-file
  verbose_proctitle = yes
  protocol lmtp {
    mail_plugins = quota zlib acl fts fts_sk sieve
  protocol lda {
    mail_plugins = quota zlib acl fts fts_sk sieve push_notify
  protocol imap {
    mail_max_userip_connections = 20
    mail_plugins = quota zlib acl fts fts_sk imap_acl imap_quota imap_zlib
  protocol pop3 {
    mail_max_userip_connections = 6

  I guess the problem didn't resolve itself, rather it has revealed that it is intermittent (my favorite kind).
  What could made a message sent to a legitimate alias username not get picked up during the imap connection. I know the smtp server accepted the message (see logs above).