xe subject-list

You may wish to apply a filter to the list, for example to get the subject identifier for a user named user1 in the testad domain, you could use the following command:

xe subject-list other-config:subject-name='<domain\user>'

2.Remove the user using the subject-removecommand, passing in the subject identifier you learned in the previous step:

xe subject-remove subject-identifier=<subject identifier>

3.You may wish to terminate any current session this user has already authenticated. See Terminating all authenticated sessions using xe and Terminating individual user sessions using xe for more information about terminating sessions. If you do not terminate sessions the users whose permissions have been revoked may be able to continue to access the system until they log out.

Listing subjects with access

To identify the list of users and groups with permission to access your XenServer host or pool, use the following command:

xe subject-list

Removing access for a user

Once a user is authenticated, they will have access to the server until they end their session, or another user terminates their session. Removing a user from the subject list, or removing them from a group that is in the subject list, will not automatically revoke any already-authenticated sessions that the user has; this means that they may be able to continue to access the pool using XenCenter or other API sessions that they have already created. In order to terminate these sessions forcefully, XenCenter and the CLI provide facilities to terminate individual sessions, or all currently active sessions. See the XenCenter help for more information on procedures using XenCenter, or below for procedures using the CLI.

Terminating all authenticated sessions using xe

Execute the following CLI command:

xe session-subject-identifier-logout-all

Terminating individual user sessions using xe

1.Determine the subject identifier whose session you wish to log out. Use either the session-subject-identifier-listor subject-listxe commands to find this (the first shows users who have sessions, the second shows all users but can be filtered, for example, using a command like xe subject-list other- config:subject-name=xendt\\user1– depending on your shell you may need a double-backslash as shown).

2.Use the session-subject-logoutcommand, passing the subject identifier you have determined in the previous step as a parameter, for example:

xe session-subject-identifier-logout subject-identifier=<subject-id>

Leaving an AD domain

Warning:

6

Page 25 Page 27
Page 26
Image 26
Citrix Systems 5.6 manual Removing access for a user, Leaving an AD domain, Listing subjects with access
Page 25 Page 27
Top Page Image Contents