Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Force logout of authenticated user (Force logout of authenticated user on a non-domain computer)
  •  
opsimex

Messages: 12
Karma: 0
Send a private message to this user
In an effort to restrict specific users from accessing any URLs except those specifically allowed, I have setup Content Control and a URL Group and put all the allowed URL's in it. I have a follow-up rule that blocks EVERYTHING for that user if not allowed in the prior rule. In order for that to work for a specific user or group, said user must be authenticated by Kerio Control.

So far, this SEEMS to be working - HOWEVER - in an effort to verify this, I found I need a means of forcing the prior authenticated user to logoff of Kerio Control. I have found this http://forums.kerio.com/t/11042/how-do-i-force-domain-users- to-log-out-of-the-firewall-when-they-logoff-domain which has a link to a KB that no longer works, so I've no idea as to what it says. Searching the KB by what appears to be the KB # in the URL produced nothing.

I also found this http://manuals.gfi.com/en/kerio/control/content/microsoft-ac tive-directory-apple-open-directory/how-do-i-force-users-to- log-out-of-the-firewall-295.html?Highlight=logout script - however, I cannot get it to work.

By "not work" I mean I am using this in a non-domain setup with a login script on the local computer and local group policy set to run the command at login. I have set the system to show login scripts when running and have a pause command so I have to intervene to let the script end. Yet, I browse the Kerio control logon screen and it says a user is logged in.

Yes, wget.exe is installed, including all the dependencies and the path modified to make sure it is found. I get no visible errors when the script runs, I have run it against SSL and non-SSL and I am using the IP address on the Control VM.

I have looked at the more current powershell "wget" alias and I have neither the time, inclination or apparently the intelligence to try to make that work. There is also nothing that I was able to find in the forums that addressed using power shell of any version.

That said, the ONLY absolutely guaranteed method of a Kerio Control authenticated user logoff so far seems to be the web page, which in the environment I am trying to use it, is not acceptable.

I have used local-run logon scripts for years in non-domain environments so I know the process and I know it works - except when it doesn't.

There REALLY needs to be a way, native to Kerio Control, to do logoffs of authenticated users.

And yes, I know there is a automatic logoff setting, but that too will not work in this environment.

Any ideas?

[Updated on: Tue, 09 May 2017 20:02]

  •  
Brian (GFI/Kerio)

Messages: 763
Karma: 75
Send a private message to this user
Is this a terminal services or other type of multi-user environment? If so you may find this article helpful http://manuals.gfi.com/en/kerio/control/content/server-confi guration-kerio-control/authenticating-users-to-kerio-control -1811.html. Specifically the section "Requiring user authentication when multiple users use one computer".

Brian Carmichael
Instructional Content Architect
  •  
opsimex

Messages: 12
Karma: 0
Send a private message to this user
No, these are standalone computers in a training & software testing environment. There is a common logon for all computers, e.g. "tester". A different logon of course for admin level access.

Brian, I can see the script running at login to the computer, but I have no experience with wget.exe, It appears to run properly and without errors, but I'll have to look deeper into that and any error trapping it might offer. I am not looking for support on that utility, but I was hoping another Control user might have some more insight with a more current version of Control.

I will look at the link you provided as I do have an environment that it specifically addresses.
  •  
Brian (GFI/Kerio)

Messages: 763
Karma: 75
Send a private message to this user
In order to logout a user from the firewall, you need them to reach this link http://firewall_ip:4080/logout
Usually wget.exe is used since it's a command line based utility. Unfortunately I don't have enough experience with Windows logoff scripts to provide a more complete answer.

Brian Carmichael
Instructional Content Architect
  •  
Delaware

Messages: 1
Karma: 0
Send a private message to this user
This is so embarrassing. I neglected to change the "firewall_ip" to the actual IP.

[face palm]

It works.
Previous Topic: Message rejected as malware spam Kerio 9.2.3
Next Topic: 9.2.2- can't connect to VPN using domain accoun
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 24 02:10:51 CEST 2017

Total time taken to generate the page: 0.00521 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.