How do I force users to log out of the firewall?
Article Number: 295 | Last Updated: Sat, Jan 4, 2014 5:37 PM
Kerio Control can use NTLM authentication to allow users to automatically log onto the firewall when they are logged onto an ActiveDirectory or NT domain. However if the user does not manually logout from Kerio Control, his session remains active until the session timeout period expires. This timeout period is set to 2 hours by default.
If user logs out from Windows, he does not logout from Kerio Control. Once again the timeout is 2 hours. The consequence of this is that a user license will continue to be in use. If you have more users than licenses this may prevent a new user from being able to connect through Kerio Control. Furthermore the next user on that computer will appear to be the previous user. This may lead to incorrect logging of user activity.
It is possible to create a logout link and store it as a bookmark in order to logout from Kerio Control, or alternativelly it is possible to use some logout script to logout user automatically.
It is possible to automate the Kerio Control logout process by using a script which is called during the logout from Windows. This method will be useable for any number of users who are sharing the same machine.
In Active Directory, the Directory Controller will allow to run a script during the user's logout. This script will perform the logout automatically for the user by calling a utility which makes the necessary HTTP request to the Kerio Control's webserver for logout.
The script needs to open this URL: http://firewall_ip:4080/logout
Here is an example script which uses the freely available wget program.