captive portal, popup, and authenticator validity time

Forums Network Management RADIUS 802.1x and Captive Portal captive portal, popup, and authenticator validity time

  • This topic is empty.
Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
  • #43656

    I have ZS set up with a captive portal for user login. I’d like to understand better how the user is kept logged in.

    With a normal windows browser, you get the popup which must stay open to stay logged in… but what about the browsers (e.g. android) that don’t use the popup? How, and how long, do they stay logged in? Is it as long as they’re connected, or is it for the “authenticator validity” time setting?

    Does this mean that I can disable the popup (which may confuse some users) and set the timeout for a long time, so they only have to log in, say, once a day?


    If you go to Users / Accounting / Accounting Class. First you enable Accounting. After you can create an accounting class or use default to limit connection time and assign it to each user.

    I hope in the future we can use group to define this kind of solution.

    You can modify kerberos option for user to limit his connection. But I think Accounting is more efficient to give a general rule.

    Hope this help


    You misunderstand… I don’t want to limit the connection for any particular user; I would just like to make the popup unnecessary.




    The current edition of ZS has a pop-up filter list that disables the pop-up window for specific browsers. You can also turn the pop-up window off entirely, which will keep all activity up to the redirect to the original site in the original window.

    On the Captive Portal config page, look for a ‘popup’ button. This gives you the list of exempt user agents and three pop-up modes: all, none, or all but listed.

    In my recent experience, if I set this to ‘none,’ then no one gets a pop-up window. The logged-on user remains on the logged-on list up to whatever the time limit is, even if they close their original browser window.

    I asked in a recent post if the pop-up is even necessary in an environment where I want to just grant free but timed internet access to everyone. There was another post that showed how to hide the username and password fields, and just use a generic account for everyone and track connections by IPv4 and MAC address. I assume if you have normal user accounts, you could do away with the pop-up as well.

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.