03-27-2012 05:37 AM
Working on an idea to allow a manner of login/logout for users coming through captive portal auth.
On a system that may or may not be identified on the back-end, I can load the captive portal page URL manually and set/change the user-id.
When I try to load the page again, I only get a blank page - is there a URL I can load to generate a 'logout' or ID clear event, or at least some way to force the captive portal to load again so users can enter a dummy 'logout' user?
03-27-2012 10:07 PM
By design Captive-Portal will only redirect to the login page if the user is considered "unknown" by the firewall. The only way I can think of to force the user to login again manually is by running:
> clear user-cache ip x.x.x.x
Of course this isn't ideal, because you'll have to manually clear the user-ip-mapping for each user manually from the cli.
The only other thing I can think of that may help is if you lowered the expiration timer for the Captive-Portal mappings.
03-28-2012 05:49 AM
Thanks for the info. We are looking into generating a user-id event against AD as workaround for this. This is for iPads primarily we are thinking a custom app that generates an LDAP login - "logout" would be changing the user-id to a user with no rights.
03-28-2012 12:41 PM
Hi...You may want to review this method: https://live.paloaltonetworks.com/docs/DOC-1642.
Also, if your iPad users are logging into Exchange to get email, our 4.1 UserID agent will monitor Exchange events now. Thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!