Hello guys!

I´m trying to restrict the connection off the users of baan, only allowing a user to connect from a particular PC. For example the user pquerini only can login to baan from his particular PC. I think this could be validated by Baan in some way, but I couldný find the way.
I would be very gratefull if you could give me some kind of help about this.

Than you, and regards.

Why do you want to restrict the access from within Baan instead of restricting the user access on the PC itself - easier?

There are some PC that are used by users that don´t work with baan. They loggin into the PC, and then another user, that have access to baan, loggin from this PC to baan, but this user also have a connection to baan open in another PC(normally his own PC). After this user have finished his work on the PC of the other user, he left open the connection to baan here. And nobody close this connection. We solve this in part with the session_timeout variable, but we still have to reduce this particular situation and only allowing a user to connect to baan from a particular PC. In unix we could do this using the session of tools "Maintain Terminal Permissions for User", but in NT we are trying to find how can we do this.

Thank you and regards

PD: About this particular situation in UNIX we are starting to test the functionaliy off the mentioned session off baan.

(BAAN IV c4)

I have not tested this, but maybe some experts users can add comments to this suggestion i write:

You can use sessions:

- ttaad2107m000
- ttaad2106m000
- ttaad2105m000

You define a new Group session with a new custom session:

New Custom Session (Write & check log users) 3 Steps in script

Step 1: This session will first read the data yo are going to write in step 3.

Step 2: If this data does not match with the data that exist in step 3 You can get action EXIT (See bellow), and if there is no data writtten (first time used) go to step 3

Step 3: create in a table or in Aplication Locks, or in a file in ¨{$HOME} user's folder , for example, the information needed to check what you are trying to do. User name and PC name.


Well, Step 3 only will occur :

- Written directly for you as Administrator, in order to define which PC can connect to BaaN
- By the user, the first time he connects to BaaN if you do not write first any data


ACTION EXIT: This action is to get out of BaaN that user, for example killing its processes in the same bshell started.

I'm not sure which code has to be written, that is for other folks.

Sounds complicated, I know, but I think it can work.

P.D. Because this suggest is not checked, take care, please and comment before execute. Thanks.

Alejandro:

First of all, thanks for the idea. I think it`s very usefull. In Some way, I was thinking of doing something like this, but instead of a session, the alteraetive could be executing a script before the execution of the bshell, launched by the client, that verifies the user and the PC, and if all is all rigth, continue with the connection to baan through the bshell.

When I Posted this question, I thouth it could exist in baan some kind of environment variable(like session_timeout as I mentioned before), where you can set for each user the PC allowed him to connect from. In Fact, there are sessions in baan, that allow to define for each user, the Terminals they can used to loggin into baan. But this functionality is only available with UNIX, and what I don`t know if when you have Unix as the server for Baan, but the terminals are with windows OS, you can use this functionality. This is what we are going to test in the instalation.

Really, thanks for your help. If we finally can solve this problem, I will let you know.

Regards(Muchas Gracias y Saludos)

From your description, look like the problem is that a user connects more than once, [usually from another PC than it's own] (if you are using DHCP the check for the PC may be a problem)?

The best and easiest way is to write a script that is called instead of the bshell first and that checks if that user is already running a bshell, if so, does not allow him to continue. On NT you would need to build an .exe to be run instead of the bshell that would call the later one if all OK.

Victor:

Thanks for your help. I am trying something like you suggested.


Regards, Pablo