How to list all "licensed users"
Recently customer want to let users register TOTP to use VPN.l
But he want to generate licensed user list.
I check the report...the user report seem only keep 30 days....and he find user who un-register method to return license ,but the user report still show this user is licensed user.
How to generate all "licensed user list" no matter he resiger's date ?
as below screenshot....this testing user's name is ksato
he unregister TOTP and no other method assign to him,,,'
but the user report still show he still keep "is enrolled"
Hi @wencheng ,
Probably this is some misunderstanding, screenshot mention that user KSato is enabled and last login was 1 Feb. I could suggest two ways to check what method enrolled:
1. Make "Authenticators" report, btw we have a UI bug related with Users and Authenticators reports, time interval shouldn't be available for that type of reports. But currently it is just ignored. Export report and find details for specific user.
2. You can take a look on SLAnalyzer utility, it is available here: https://ftp.novell.com/pub/SLAnalyzer/
It is possible to build enrolled methods database, see more for details at SLAnalyzer user guide.
Let me know incase of any questions.
Authenticators report is not I want...because is just provide records that who recently use....so this report will show duplicator username in report.
I need a report clear provide who has use a license....
Now the report that AA provide , if he clear all methods...the license return to unused count...the user report also not I need, because it still count this user show "enrolled"
customer could not list the license who indeed use the license
There is also an old-school console tool that generates an HTML with a table (users/methods). Probably, it will be more helpful.
Please read the instructions inside the zip.
Hi @George Teys
I had tested this tool in my testing lab. Yes...the list match the license used.
But for customer production....it has windows client or other AA compoment installed...but customer could not install them.
could we have any method to modify it (like properties setting) or do you have source script that I could ask my colleage modify it ??
As far as I remember, any Windows component is required just to let the tool use the existing endpoint. You can create an endpoint manually and put its id and secret to C:\ProgramData\NetIQ\Windows Client\config.properties. Please test in your lab before sharing it with your customer.
Hi @George Teys
manual add endpoint method could use run this tool...
And I "need" modify my previous answer...
I use this tool to generate report...I find the admin webconsole still show used license is 6
But the output report show total user is 7 accounts
I try to reboot AA Server and re-check the used license from Admin webconsole and re-generate report from this tool....the total used license and report are mismatch.
Whether total used license is static check schedule or not ?? if I could forace manual to let it re-check used license again ?
First of all, the user license is not consumed if the user has only the LDAP Password method enrolled.
Secondly, at the bottom of the page https://www.netiq.com/documentation/advanced-authentication-63/server-administrator-guide/data/add_license.html there is a hint on how to free up the user license.
There you may find a reference to a policy that retains the users marked for removal in the database.
This command will allow seeing how many users marked for removal:
docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT * from public.user where deleted_at<>NULL;"
If you still have confusion, please also look at the number of users in the Repository section.
The users from the LOCAL repository also consume the licenses. Even if the user has only the Password method enrolled.