05-24-2012 04:14 AM
I'm currently setting up a guest vlan with a captive portal. By default this captive portal has 2 options to login, one of the 2 is just to fill in a email address and this works just fine giving the user limited guest access.
The second one is to fill in a username / password pair which can be created in the Guest Provisioning portal. This works fine as well, but what we would like is that the users that are created in this portal get a more open role then the default guest role. How can I do this?
Jan Hugo Prins
Solved! Go to Solution.
05-24-2012 06:31 AM
I believe this can be accomplish by doing the following:
- Set the default role as limited, which it seems you already have.
- Create a new user role with less restriction.
- On the INTERNAL server, create a derivation rule that would place a user in the less restrictive role. You would have to use a common string in each username. Maybe something like "gst-user01". When creating the derivation rule, set the condition to "User-name", Operation "Starts-with", and value "gst-".
I haven't tried this myself but give it a whirl and see if it works. When creating users via the Guest Provisioning Portal, you cannot assign the role, or at least I'm not aware of this. When you create the users from the admin interface, you can assign a specific role.
Hope this helps.
05-24-2012 08:35 AM
From the User Guide:
Role assigned to the Captive Portal user upon login. When both user and guest logon are
enabled, the default role applies to the user logon; users logging in using the guest interface are
assigned the guest role.
Default Guest Role
Role assigned to guest.
When both user-login and guest-login is enabled, guest users (the ones that enter only email address) will be assigned "default guest role" and the ones that login with username and password generated from guest provisioning will be assigned "default role"
Captive Portal Authentication Profile "<profile-name>"
Default Role less-restricted
Default Guest Role guest
Hope it answers your question.