03-10-2010 05:39 AM - edited 03-11-2019 10:19 AM
Hi all,
Does anybody know a method to limit a username login to only one per session? I mean when user A logs in successfully, nobody can log in with the same username as user A.
Any help would be appreciated.
Riko
03-10-2010 09:35 AM
Hi,
Which method of cut-through proxy authentication are you using? http, ftp, telnet?
Are you positive that after a user authenticates itself against the ASA, and it shows under 'sh uauth', another user can connect with the same credentials?
I haven't done the test, but I thought that while there was an entry in the uauth table, no other user can connect with the same credentials. Please verify this and if that's the case, post the output of the 'show uauth'.
Federico.
03-10-2010 02:47 PM
Hi,
I am using cut-through proxy authentication for http.
I can log on with the same user from 2 different PCs simultaneously as shown below:
PIX# sh uauth
                        Current    Most Seen
Authenticated Users       2          2
Authen In Progress        0          1
user 'test' at 192.168.0.2, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
user 'test' at 192.168.0.3, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
PIX#
Any ideas?
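One way to detect the situation shown in the output above is to parse `show uauth` and report usernames that are authenticated from more than one address. This is an added example, not part of the original posts and not Cisco code; it assumes the entry line format quoted above, and the 'alice' entry and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample modelled on the `show uauth` output quoted in the thread.
SAMPLE = """\
PIX# sh uauth
                        Current    Most Seen
Authenticated Users       2          2
Authen In Progress        0          1
user 'test' at 192.168.0.2, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
user 'test' at 192.168.0.3, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
user 'alice' at 192.168.0.7, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
PIX#
"""

# Per-user entry line; the address is captured loosely and validated below.
ENTRY = re.compile(r"^\s*user '(?P<user>[^']+)' at (?P<ip>\S+?), authenticated")

def parse_uauth(text):
    """Return {username: set of source addresses} for authenticated entries."""
    sessions = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, counter, timeout and prompt lines
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # skip entries whose address does not parse
        sessions[m.group("user")].add(str(ip))
    return dict(sessions)

def shared_logins(text, max_hosts=1):
    """Usernames authenticated from more than max_hosts distinct addresses."""
    return {user: sorted(ips) for user, ips in parse_uauth(text).items()
            if len(ips) > max_hosts}

if __name__ == "__main__":
    for user, ips in shared_logins(SAMPLE).items():
        print(f"user {user!r} authenticated from {len(ips)} hosts: {', '.join(ips)}")
```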
03-11-2010 04:36 AM
I have found this:
To manually configure the uauth session limit by setting the maximum number of concurrent proxy connections allowed per user, use the aaa proxy-limit command in global configuration mode. To disable proxies, use the disable parameter. To return to the default proxy-limit value (16), use the no form of this command.
aaa proxy-limit (proxy_limit)
I will try this asap.
Riko
03-11-2010 04:56 AM
The command aaa proxy-limit did not resolve the problem: it concerns concurrent login attempts, not concurrent user sessions.
03-11-2010 11:36 AM
This is interesting. I know that if you're authenticating against another server, for instance ACS, you can set that up, but locally on the ASA I'm not sure.
ASA(config)# aaa local authentication attempts max-fail ?
configure mode commands/options:
<1-16> Specify the value for max failed attempts (1 - 16)
The previous command was for the number of tries given to a user.
To be able to limit the number of connections per user (using the local database of the ASA) I have not found an option.
I will try to check and get back to you.
Federico.