Limit # of simultaneous logins?

Similar Messages

• ACS 5 Limit User Simultaneous Logins

  Is it possible in ACS 5 to limit the amount of devices a person can log into simultaneously? We would not want this to be global as there are other user ID's that need unlimited. Thanks in advance

  In the Max Sessions table, under Sessions available to group, select one of the following options:
  • Unlimited-Allows this group an unlimited number of simultaneous sessions. (This action effectively disables Max Sessions.)
  • n-Type the maximum number of simultaneous sessions to allow this group.
  In the lower portion of the Max Sessions table, under Sessions available to users of this group, select one of the following two options:
  • Unlimited-Allows each individual in this group an unlimited number of simultaneous sessions. (This action effectively disables Max Sessions.)
  • n-Type the maximum number of simultaneous sessions to allow each user in this group

• Simultaneous Logins in VPN Concentrator

  Hi,
  The documents indicate that the 'Simultaneous Logins' applies for a single 'Internal User' .
  I have configured a User Group that utilises RADIUS as an authentication method. Was wondering whether the simultaneous login can be applied as well.
  SO what i'm trying to do here is let user authenticate via RADIUS. I want to limit only 1 session per UserID at a time.
  Any ideas ?
  If it cannot be done , what are the workarounds available ?

  There seems to be conflicting documentation regarding the function 'Simultaneous Login'
  In the main documentation
  http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee1f0.html
  It says Number of Simultaneous Login for a single User
  In the TAC KB
  http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K80154467
  It seems like they are referring to number of simultaneous connection within that group.
  So which is it ?

• How to limit number of logins per day?

  We have a custom web application (WebAS 6.20) used by people and automated systems. Each user has his own login, and some of these automated systems sometimes produce heavy load because they log into system too often.
  Is there an easy way to:
  1) limit number of logins to, say, 1000 per day and when this limit is reached - do not allow this user to login till midnight
  OR
  2) dedicate one of the processes to the specific user
  thanks in advance

  extend PlainDocument class to restrict the number of characters per line.
  Set this class as model to TextArea.
  Below is a class which does this. May be its useful
  import javax.swing.*;
  import javax.swing.text.*;
  import java.awt.*;
  public class FixedNumericDocument extends PlainDocument {
  private int maxLength = 9999;
  private String max="";
  public FixedNumericDocument(int maxLength) {
  super();
  this.maxLength = maxLength;
  //this is where we'll control all input to our document.
  //If the text that is being entered passes our criteria, then we'll just call
  //super.insertString(...)
  public void insertString(int offset, String str, AttributeSet attr)
  throws BadLocationException {
  if (getLength() + str.length() > maxLength) {
  return;
  else {
  try {
  //check if str is numeric only
  int value = Integer.parseInt(str);
  //if we get here then str contains only numbers
  //chk if it is less than 65535 so that it can be inserted
  super.insertString(offset, str, attr);
  catch(NumberFormatException exp) {
  return;
  return;

• Block simultaneous logins by the same user on wired 802.1x

  Is it possible to block simultaneous logins by the same user, meaning is userX login on port gi1/0/1 and after that the same user (UserX) is trying to login on a different port, it will be blocked.

  Sorry I did not read your original question correctly. So at the moment, you can only restrict the number of concurrent connections for users that are only going through the web authentication process. If you are using EAP-TLS, PEAP, etc, then there is no method to restrict those users from performing multiple authentications on the network.
  Thank you for rating helpful posts!

• Simultaneous login problem

  Hi 
  I am having simultaneous login problems. In the past I have been able to sign into my skype account on both my Mac Book Pro and my Windows 7 desktop PC. However since I had to change my password I can only login into one machine at a time now. Also when I change my password on the desktop PC I can only sign into that skype / computer. Whenever I type the same account name and same exact password on my Mac Book Pro, it says it doesn't recognize my sign-in details but I am 100% sure that I typed it in exactly the same way as I did on my desktop. Another is that when I reset my password on my Mac Book those details won't work on the Desktop PC and vice-versa.
  I would like to know what is the problem in this situation, I am not sure if this is an application error or a networking error where the account details are not signing in from a different IP or MAC address.
  Please and thank you!

  "The load balancing was already functional:"
  Do you have a description how to do that?
  I Would like to know how.
  "so ALL traffic, not going to the LAN network and so over this interface, went out on the DMZ interface, with source IP from LAN."
  If you put the VPN servers behind 1-1 NAT instead they will use the firewall as GW and the VPN clients will get at your remote sites/LAN IF you add routing definitions in VPN config what networks are reachable through VPN.
  Or you keep servers as they are but also add add more routing definitions in VPN AND static routes to each server with the firewall as gw to those remote networks. Default gw will still be through the DMZ IPs though.
  The problem with more than one VPN client from behind same IP address is, with your current server settings, most likely because of the client side NAT router isn't coping with the task. Your public IP VPN server(s) should mean NAT VPN problem is at the other end (customer/client network router/firewall).
  If two VPN clients behind same NAT router connected to different servers at your end, "12.34.56.80" and "12.34.56.81" (both are public IPs?) respectively I believe at least two should be able to connect.
  3G/4G modems isn't an option?
  Maybe try bringing your own tested working portable router (ethernet/wifi maybe includes a VPN client that connect to your servers) to the customer and put it temporarily on their LAN? There are these small new 3G/WiFi routers too. Depends on wether you need to be connected to customer LAN or not.
  Try other VPN solution, SSL or OpenVPN?
  Use both PPTP and L2TP simultaneously (PPTP could be troubelsome if GRE/TCP 1723 passthrough is disabled)?

• Not allow simultaneous login on managed computers using profile mangaer

  Does any one knows how to not allow simultaneous login on managed computers using Profile Manager instead of Workgroup Manager?
  Thanks in advanced

  Hi Folks
  First - thanks for your help.
  Closing this out - here is what I learned:
  1) Needed to ensure my server was Kerberised and that Kerebos was running correctly
  2) Local users have precedence over network so I need to ensure I don't use the same short name. While using the "id" command you may be able to see the network user ID, the local of the same name appears to take precedence.
  3) Using the "kinit" command useful for confirming Kerebos is working correctly
  4) Home directories created - had already done this but what finally got this working was stopping and restarting AFP Service.
  So was able to successfully login to Mac Client using OD username and password - it mounted the network home share just fine on the client, loaded preferences etc.
  Now on to create network users with Mobile Accounts for my laptop users - wish me luck

• Multiple simultaneous logins no longer being prohibited when unchecked

  Since (I think) the most recent raft of software updates were installed, multiple simultaneous logins are no longer being prohibited when the box is unchecked in a user's logon account.
  My users are now logging onto different computers and 'lending' their account to people who are not students.
  Is anyone else experiencing this anomaly since 10.5.7 or thereabouts?

  Figured it out, I just had to restart the server for the changes to take effect.

• Simultaneous Logins; Not Working; Intel & PPC

  So, one of my schools is a mixed 10.4 environment with PPC and Intel iMacs. Everything, including the G4 server is sitting at 10.4.7.
  I do not have mobile accounts and I don't have fast user switching turned on. And of course, "Simultaneous Logins" is turned off for every account.
  My APF clients can go to a PPC machine and login once and then go to an Intel machine and login. They get a slightly different Dock & Safari doesn't play real nice but they're able to login. The same can be said for an AFP client logging into an Intel first and then going to a PPC machine.
  Now, they cannot log in on two PPCs or two Intels at any time and so in that respect, the disabling of simultaneous logins is working. However, I've got a lot of people who will be lazy about logging out as they migrate from computer to computer and it's best if this "feature" actually worked cross-processor...
  Any suggestions? Anyone? ;0)

  Figured it out, I just had to restart the server for the changes to take effect.

• Limit concurrent user logins

  Hi all,
  One of our customers is trying to limit the number of concurrent user logins to 1.
  He has deployed a 2500 WLC (v7.4) with a Dot1x SSID. Authentication against external radius server (IAS).
  Configured the following:
  Max Concurrent Logins for a user name: 1
  But doesn't work despite of the value configured in "Max-Login Ignore Identity Response" option (enable|disable).
  My doubt here is if that these parameters just work when we are using local authentication or if it could be a bug with this particular software train.
  I've found contradictory info regarding this particular topic.
  Thanks in advance.
  Best regards,
  Alberto

  Hi Saurav,
  Thanks for the info provided.
  Our problem here is that despite the value of max-login-ignore-identity-response (enable|disable) we always can establish multiple simultaneous connections with the same username credentials. 
  Does Max Concurrent Logins for a user name work with external radius authentication? Are we missing something else?
  Thanks in advance.
  Best regards,
  Alberto

• Keep 443 open for profile updates, but limit profile manager login

  I notice that port 443 is used by clients to communicate with the server when profiles are pushed (I assume as an encrypted connection for transmitting the profile file). Therefore it seems that for profiles to be pushed to devices outside the LAN 443 needs to be available when clients come calling to the FQDN to get a new profile (when Apple's push notification service says 'hey something is waiting for you').
  However, from a security standpoint I'm not thrilled about exposing the profile manager login to the page to the whole world. Is there a way to limit access to this page to say just our LAN (e.g., using .htaccess) and still allow clients to come calling to the server from anywhere on 443 to fetch profiles? How have others handled this scenario?
  Thanks!

  ...minor updates (see below) after some additional testing. Added /auth as this is another mechanism for authenticating against the admin panel. Also Added an additional allow for loopback traffic since logs showed some items being blocked on : : 1
  <Location /profilemanager>
      AllowOverride None
      Options MultiViews FollowSymlinks
      Order deny,allow
      Deny from all
      Allow from 10.0.0.0/8                   #OUR LAN
      Allow from XXX.XXX.XXX.XXX              #SERVER'S PUBLIC IP
      Allow from 127.0.0.0/255.0.0.0 ::1/128    #FOR INTERNAL LOOPBACK TRAFFIC
      Header Set Cache-Control no-cache
  </Location>
  <Location /mydevices>
      AllowOverride None
      Options MultiViews FollowSymlinks
      Order deny,allow
      Deny from all
      Allow from 10.0.0.0/8                   #OUR LAN
      Allow from XXX.XXX.XXX.XXX              #SERVER'S PUBLIC IP
      Allow from 127.0.0.0/255.0.0.0 ::1/128    #FOR INTERNAL LOOPBACK TRAFFIC
      Header Set Cache-Control no-cache
  </Location>
  <Location /auth>
      AllowOverride None
      Options MultiViews FollowSymlinks
      Order deny,allow
      Deny from all
      Allow from 10.0.0.0/8                   #OUR LAN
      Allow from XXX.XXX.XXX.XXX              #SERVER'S PUBLIC IP
      Allow from 127.0.0.0/255.0.0.0 ::1/128    #FOR INTERNAL LOOPBACK TRAFFIC
      Header Set Cache-Control no-cache
  </Location>

• Limiting simultaneous logins

  I'm using Portal Server 6.0 with Secure Remote Access. I want to limit a user from logging in 2 sessions at the same time. I have search through all Portal Server documents and configurable parameters, but failed to find a solution. Is this supported by PSSRA?

  you need a customized login module to maintain a list of login users.

• Restrict simultaneous login to a web dynpro application by the same user

  I have a stand alone web dynpro application and used the sap.authentication for user to login into the application. How can i restrict a user from accessing the application from two different browsers using the same userid?

  Hi,
     You can try the following approach:
  1. Create an outbound plug to some dummy view which shows the message to the user that he/she is already logged in. Let's call this plug "ToMessageView".
  2. In the "wdDoInit" method of the component controller write the following code:
  String loggedInUserID = WDClientUser.getLoggedInClientUser().getClientUserID();
  String[] apps = WDServerState.getActualApplications(loggedInUserID);
  //All entries of apps will look like <application-name>/<application-id>
  boolean isRunningParallely = false;
  for (String app : apps) {
       if(app.split("/")[0].equals(wdComponentAPI.getApplication().getName())){
            isRunningParallely = true;
            break;
  if(isRunningParallely)
  //fire the plug to message view here
  FYI, I haven't tested this but do try it out.
  Regards,
  Satyajit

• Disabling Simultaneous logins in BOE

  Hi,
             Is there a way to disable users from logging into BOE from multiple systems. For example if 'User 1' is logged in from 'System A', the same user if tries to login from 'System B' should get an error message and the system shouldn't allow the user to login.
                Any help would be much appreciated.
  Regards,
  Sanjay

  If a user ID exists in XI and it is enabled then it can login from anywhere, including concurrrently. You can disabel any user account for all systems but the product has no way of differentiating where they are logging in from. I believe auditing might be able to provide info on the IP.
  If you want this functionality you would need to post or vote for it (if it exists) on [IDEA place |https://cw.sdn.sap.com/cw/community/ideas]
  Regards,
  Tim

• Multiple Users Simultaneous Login

  Does anyone have a way of simultaneously logging in multiple computers with different usernames and possibly passwords. I have found Unix commands for doing this with a single user account, but not multiple. All machines would be running X.4.9 with ARD 3.1
  Thanks,
  Chuck

  Sorry, but I'm not clear on what it is you're asking regarding "multiple computers with different usernames". Could you please explain further what it is you're trying to accomplish?
  If what you mean is that you want to have some computers logged in with User A and other computers logged in with User B, then you have to do this with separate UNIX commands. But if you want to be able to do this with a single operation, you could set up an Automator workflow so that it executes the separate commands from a single script. If that's not what you mean, please post back and clarify.
  Regards.