12.8.6. Configuring Captive profiles

You configure Captive profiles at the users captive-profiles level.

To create a Captive profile, use the following command:

Admin@UGOS# create users captive-profiles

Provide the following parameters:

Parameter

Description

name

Captive profile name.

description

Captive profile description.

auth-template

Auth template.

auth-mode

Authentication mode UserGate uses to "remember" a user:

  • ip: use the IP address. After a user successfully authenticates through the Captive portal, UserGate remembers the user's IP address, and any subsequent connection from that IP address will be attributed to that user. This is the default method.

  • cookie: use cookie. After a user successfully authenticates through the Captive portal, UserGate adds a cookie to the user's browser to identify subsequent connections by that user.

auth-profile

Profile that defines authentication methods. For more details on configuring authentication profiles using the CLI, see the section Configuring authentication profiles.

custom-redirect

URL to redirect the user to after successful authentication using the Captive portal. If not specified, the user is redirected to the URL they requested.

use-cookie

Option to save authentication in the browser for a specified time interval. This information is saved in a cookie.

  • on.

  • off.

cookie-exptime

Time for which authorization is saved (in hours).

enable-ldap

Option to choose an AD/LDAP domain on the login page:

  • on.

  • off.

use-captcha

Prompt a user for a code shown on the Captive portal login page:

  • on.

  • off.

use-https

Use HTTPS when displaying the Captive portal authentication page. A properly configured captive portal SSL certificate is required.

  • on.

  • off.

notification-profile

The notification profile for sending information about the created user and their password to guest users. For more details on configuring notification profiles using the CLI, see Configuring notification profiles.

notification-sender

Sender of the notification. Specify a name (if using an SMPP profile) or an email (if using an SMTP profile).

notification-subject

Subject of the notification, if using email notifications.

notification-body

Body of the email. In the message body, you can use special variables named {login} and {password} that will be replaced with the username and password, respectively. The notification text is separated by quotation marks ("").

exp-time

Date and time to disable a temporary user account. Format: yyyy-mm-ddThh:mm:ssZ.

session-ttl

Amount of time (in hours) from the first temporary user authentication, after which their account will be disabled.

password-len

Length of the password: from 1 to 15 characters.

password-complexity

Password complexity:

  • num: numbers only.

  • alpha_num: numbers and letters.

  • alpha_num_special: numbers, letters, and special characters.

ta-groups

The groups to which the created guest users will be added.

To update a profile, use the following command:

Admin@UGOS# set users captive-profiles <captive-profile-name>

The parameters available to update for a captive profile are the same as those for creating a profile.

To delete a profile, use the following command:

Admin@UGOS# delete users captive-profiles <captive-profile-name>

To delete a temporary user group (you need to have at least one temporary user group specified), use the following command:

Admin@UGOS# delete users captive-profiles <captive-profile-name> ta-groups

To display captive profile settings, use the following command:

Admin@UGOS# show users captive-profiles <captive-profile-name>