Configuring Captive Profiles

Captive profiles are configured at the users captive-profiles level.

To create a Captive profile, use the following command:

Admin@nodename# create users captive-profiles <parameter>

Provide the following parameters:

Parameter

Description

name

Captive profile name.

description

Captive profile description.

auth-template

Auth template.

auth-mode

Authentication mode UserGate uses to "remember" a user:

  • cookie --- Запоминать cookie. After a user successfully authenticates through the Captive portal, UserGate remembers the user's IP address, and any subsequent connection from that IP address will be attributed to that user. This is the default method.

  • ip --- Запоминать IP-адрес. After a user successfully authenticates through the Captive portal, UserGate adds a cookie to the user's browser to identify subsequent connections by that user.

auth-profile

Authentication profile that defines authentication methods. For more details on configuring authentication profiles using the CLI, see the Configuring Authentication Profiles section.

custom-redirect

URL to redirect the user to after successful authentication using the Captive portal. If not specified, the user is redirected to the URL they requested.

use-cookie

Option to save authentication in the browser for a specified time interval. This information is saved in a cookie.

  • on

  • off

cookie-exptime

Time for which authentication is saved (in hours).

enable-ldap

Option to choose an AD/LDAP domain on the login page:

  • on

  • off

use-captcha

Prompt a user for a code shown on the Captive portal login page:

  • on

  • off

use-https

Use HTTPS when displaying the Captive portal authentication page. A properly configured captive portal SSL certificate is required.

  • on

  • off

notification-profile

The notification profile for sending information about the created user and their password to guest users. For more details on configuring notification profiles using the CLI, see Configuring Notification Profiles.

notification-sender

Sender of the notification. Specify a name (if using an SMPP profile) or an email (if using an SMTP profile).

notification-subject

Subject of the notification, if using email notifications.

notification-body

Body of the email. In the message body, you can use special variables named {login} and {password} that will be replaced with the username and password, respectively. The notification text is separated by quotation marks ("").

exp-time

Date and time to disable a temporary user account. Format: yyyy-mm-ddThh:mm:ssZ.

session-ttl

Amount of time (in hours) from the first temporary user authentication, after which their account will be disabled.

password-len

The password length is 1 to 15 characters.

password-complexity

Password complexity:

  • num: numbers only.

  • alpha_num: numbers and letters.

  • alpha_num_special: numbers, letters, and special characters.

ta-groups

The groups to which the created guest users will be added.

captive-auth-mode

Select Captive profile authentication method:

  • aaa: authenticate using a local user login/password or an AAA server.

  • pki: X.509 certificate-based authentication.

uc-profile

Select the user certificate profile for PKI-based authentication.

To edit a profile, use the following command:

Admin@nodename# set users captive-profiles <captive-profile-name> <parameter>

The parameters available to update for a captive profile are the same as those for creating a profile.

To display captive profile settings, use the following command:

Admin@nodename# show users captive-profiles <captive-profile-name>

Example of creating and editing a captive profile:

Admin@nodename# create users captive-profiles name "New captive profile" auth-profile "LDAP auth profile" captive-auth-mode aaa enable-ldap on Admin@nodename# set users captive-profiles "New captive profile" use-https on

To delete a profile, use the following command:

Admin@nodename# delete users captive-profiles <captive-profile-name>

To delete a temporary user group (you need to have at least one temporary user group specified), use the following command:

Admin@nodename# delete users captive-profiles <captive-profile-name> ta-groups