Captive profiles are configured at the users captive-profiles level.
To create a Captive profile, use the following command:
Admin@nodename# create users captive-profiles <parameter>
Provide the following parameters:
Parameter |
Description |
---|---|
name |
Captive profile name. |
description |
Captive profile description. |
auth-template |
Auth template. |
auth-mode |
Authentication mode UserGate uses to "remember" a user:
|
auth-profile |
Authentication profile that defines authentication methods. For more details on configuring authentication profiles using the CLI, see the Configuring Authentication Profiles section. |
custom-redirect |
URL to redirect the user to after successful authentication using the Captive portal. If not specified, the user is redirected to the URL they requested. |
use-cookie |
Option to save authentication in the browser for a specified time interval. This information is saved in a cookie.
|
cookie-exptime |
Time for which authentication is saved (in hours). |
enable-ldap |
Option to choose an AD/LDAP domain on the login page:
|
use-captcha |
Prompt a user for a code shown on the Captive portal login page:
|
use-https |
Use HTTPS when displaying the Captive portal authentication page. A properly configured captive portal SSL certificate is required.
|
notification-profile |
The notification profile for sending information about the created user and their password to guest users. For more details on configuring notification profiles using the CLI, see Configuring Notification Profiles. |
notification-sender |
Sender of the notification. Specify a name (if using an SMPP profile) or an email (if using an SMTP profile). |
notification-subject |
Subject of the notification, if using email notifications. |
notification-body |
Body of the email. In the message body, you can use special variables named {login} and {password} that will be replaced with the username and password, respectively. The notification text is separated by quotation marks (""). |
exp-time |
Date and time to disable a temporary user account. Format: yyyy-mm-ddThh:mm:ssZ. |
session-ttl |
Amount of time (in hours) from the first temporary user authentication, after which their account will be disabled. |
password-len |
The password length is 1 to 15 characters. |
password-complexity |
Password complexity:
|
ta-groups |
The groups to which the created guest users will be added. |
captive-auth-mode |
Select Captive profile authentication method:
|
uc-profile |
Select the user certificate profile for PKI-based authentication. |
To edit a profile, use the following command:
Admin@nodename# set users captive-profiles <captive-profile-name> <parameter>
The parameters available to update for a captive profile are the same as those for creating a profile.
To display captive profile settings, use the following command:
Admin@nodename# show users captive-profiles <captive-profile-name>
Example of creating and editing a captive profile:
Admin@nodename# create users captive-profiles name "New captive profile" auth-profile "LDAP auth profile" captive-auth-mode aaa enable-ldap on Admin@nodename# set users captive-profiles "New captive profile" use-https on
To delete a profile, use the following command:
Admin@nodename# delete users captive-profiles <captive-profile-name>
To delete a temporary user group (you need to have at least one temporary user group specified), use the following command:
Admin@nodename# delete users captive-profiles <captive-profile-name> ta-groups