maclezhang
21st December 2006, 13:43
Hi,
I want to bind the login user to his own client IP. For example, a finance user
can only log in to the system from the finance office. Any suggestions? Thanks.
mr_suleyman
21st December 2006, 14:09
Firstly, the main problem is to get the host IP address. For this, look at this thread:
http://www.baanboard.com/baanboard/showthread.php?t=22761&highlight=host
After that, create a table that contains the configuration file for user names and their fixed IP addresses, and then create a session to check user connections. If there is a problem, then kill the user's process. Don't forget to add this session to the baan.startup sessions.
That's all. But it is very complicated. I hope this gives you some idea.
Good Luck !
maclezhang
21st December 2006, 15:50
Thanks very much.
I am checking the related information.
One option: write a script to check whether the logname matches the IP and run it before bshell. The problem is whether I can find a way to get the client IP before bshell is performed.
The second option: write a session and add it as a boot session, and this session calls a unix script to check and kill. After bshell is performed, we can get information like "baanuser@<clienthostname>".
I am trying the first option...
gguymer
21st December 2006, 16:32
It is simple. We have AIX and Oracle too. What we have is a proven method, and one that we have been using. Just use the "/etc/host" file on your AIX server. If they don't have an IP address entry in our "/etc/host" file, then it does not let them in.
Gilbert Guymer
Database Administrator
Lufkin Industries, Inc.
maclezhang
21st December 2006, 17:09
gguymer,
It is different. I wish user A can only log in to Baan from his own client machine.
He cannot log in from any other client computer. Each computer has a fixed IP in my company, so I wish to bind the IP to the logon user.
victor_cleto
21st December 2006, 18:12
What about doing the following?
Setup a config file in the server where you specify pairs of IP and usernames (so that the system knows from where each user is allowed to login)
Build a script that is run before calling the bshell that
- gets the corresponding line of the current user/PID from a netstat -p|grep ^tcp (you can further tune to specific ports, etc.) and then compares the resulting IP against the previous list: not matched, the user is not logging in from his PC and thus is not allowed to continue
This can be further tuned allowing user to login from multiple IPs or entire LANs, etc., all depends on the check script and config file.
maclezhang
22nd December 2006, 03:08
Nice. This is just what I want. But the problem is how I can get the client IP before bshell is running. My OS is AIX 5; netstat -p |grep tcp cannot get the logon user name. How can I know the logon user name and his client IP at OS level?
victor_cleto
22nd December 2006, 12:38
netstat -p only gives PID/login if run as root.
Make a small batch script (with traps) that is run with root suid that runs a netstat -p|grep ^tcp to generate the list that the remaining bshell wrapper will use.
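
The allowlist comparison discussed in this thread, as an added example that is not part of the original posts: a POSIX shell check a bshell wrapper could call, denying by default when the user has no rule or the address is malformed. The allowlist format, the function names and the sample users and addresses are assumptions; how the wrapper obtains the client IP is left to the method discussed above.

```shell
#!/bin/sh
# Added example: per-user client IP allowlist check for a bshell wrapper.
# Allowlist format (assumed): "<user> <ipv4>[/<prefixlen>]", one rule per line.

# Print a dotted IPv4 address as an integer; fail on anything malformed.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 only if some rule for user $1 covers client IP $2 in allowlist file $3.
client_ip_allowed() {
    user=$1 file=$3
    ip=$(ip_to_int "$2") || return 1          # malformed client IP: deny
    [ -r "$file" ] || return 1                # no readable allowlist: deny
    while read -r u rule rest || [ -n "$u" ]; do
        [ "$u" = "$user" ] || continue        # also skips '#' comment lines
        net=${rule%/*} bits=32                # bare address means /32
        case "$rule" in */*) bits=${rule#*/} ;; esac
        case "$bits" in ''|*[!0-9]*|0?*|???*) continue ;; esac
        [ "$bits" -le 32 ] || continue
        n=$(ip_to_int "$net") || continue     # skip malformed rules
        mask=$(( 4294967295 - ((1 << (32 - bits)) - 1) ))
        [ $(( ip & mask )) -eq $(( n & mask )) ] && return 0
    done < "$file"
    return 1                                  # no matching rule: deny
}

# Constructed sample allowlist (users and addresses are made up).
ALLOWLIST=$(mktemp)
trap 'rm -f "$ALLOWLIST"' EXIT
cat > "$ALLOWLIST" <<'EOF'
# user    allowed source
finuser1  192.0.2.17
finuser2  192.0.2.0/28
finuser2  198.51.100.5
EOF
client_ip_allowed finuser1 192.0.2.17 "$ALLOWLIST" && echo "finuser1 from 192.0.2.17: allowed"
client_ip_allowed finuser1 192.0.2.18 "$ALLOWLIST" || echo "finuser1 from 192.0.2.18: denied"
```

The allowlist file should be writable only by root, since anyone who can edit it can add a rule for themselves.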