Multiple user logins from same machine = same ip

[Per Erik Gransøe]

Hi

On my network I've got several users each with their separate access to the same machine. I've enabled authentication on NxFilter, and the users are each created in NxFilter (and given each a password). But can NxFilter differentiate between the different user's activities when coming from same ip? Need I use NxClient in this case (and if so, can I do this on a mac/OSX system?).

Best regards, Per

[Jinhee]

If they use the same machine at the same time it's not possible. NxClient is not also a possible option as it works on system level. This is for preventing users killing NxClient process. One possible option is using NxBlock. It works on browser level. But only for Chrome so you'd need to block the other browsers.

[Jinhee]

If it's a sequentially shared PC then use 'Logout Domain' on 'Config > Setup'. Setup a logoff script to call IE to visit that domain. Then the previous user session will be expired. Or you can setup 'Login Domain' to be the start page of the browser.

[Per Erik Gransøe]

The machine is sequentially shared - but can this be done on mac also?

[Jinhee Lee]

Might be easier if theres something like logoff sctipt. Just access the domain with browser or nslookup. When you send a dns query for the logout domain nxfilter delete the user session

[Per Erik Gransøe]

I think it is possible to run logon/logoff scripts. The users have seperate tokens I can see. Can I use these in my script and thereby avoid to have the users enter their password on the NxFilter login screen?

[Jinhee Lee]

No you dont need to. NxFilter delete the session based on ip. If you use NxClient I think it will detect username change. May take 1 minute? Dont remember exactly. But I think you have to have all the login username on NxFilter side if you dont use AD.

[Per Erik Gransøe]

I don't use AD, all users are registered in NxFilter. Sorry for my ignorance, but would NxClient serve me well in my user scenarios?

Apart from the common machines (subject of this topic) my users also shares eg. iPads which on which the web login must be used - and I'll to setup an suitable TTL for the login sessions.

[Jinhee]

I think you can use NxClient as a single sign-on agent for your Mac OS. For iPads you need to use login-page or you might be able to use NxBlock if it works on iOS version Chrome. And I heard that it works.

[Per Erik Gransøe]

I'll check out NxClient. But say I'll stick with web based login screen on the mac devices also, I would be able to have a logout-script (this is possible to script) to call a NxFilter logout-URL, right?

[Jinhee Lee]

Yes.

[Per Erik Gransøe]

NxClient seems to work fine. All users have it installed, and according to Admin/Logging/Requests does it correctly log the correct requests from each user. Fine.
I've turned on Quota for the user's default Policy. But when I go to Admin/User & Group and click Test on a user, it says quota: 0 / 120 minutes... Am I missing some setting?

[Jinhee]

Did you check anything on 'Quotaed Categories' on a policy?

[Per Erik Gransøe]

I got it to work now. The problem had to do with policy priority, so I did not have the correct policy applied.