User Management

Show the current properties for a specific user or group:

./confdba -us -p

Show the current properties for all user/groups:

./confdba -us

Generate a standard profile for a user that requires credential entry:

./sacli --user <user> GetUserlogin >client.ovpn

Generate an autologin profile for a user that doesn't require credential
entry (autologin profiles use only a client certificate for security):

./sacli --user --key prop_autologin --value true UserPropPut
./sacli --user GetAutologin >client.ovpn

Generate a Windows MSI-based installer that is bundled with a standard
profile:

./sacli --user AutoGenerateOnBehalfOf
./sacli --itype msi --cn -o GetInstaller

Generate a Windows MSI-based installer that is bundled with an
autologin profile:

./sacli --user --key prop_autologin --value true UserPropPut
./sacli --user AutoGenerateOnBehalfOf
./sacli --itype msi --cn _AUTOLOGIN -o GetInstaller

Add a user to a group:

./sacli --user --key conn_group --value UserPropPut

Assign a user a fixed IP address:

./sacli --user --key conn_ip --value UserPropPut
./sacli start

NOTE: When assigning fixed IP addresses, note that the Access Server scales
more efficiently when users having fixed IP addresses are members of
a group.

Revoke a user's client certificate and profile, so that the user
cannot log into the VPN server until they obtain a new profile:

./sacli --user RevokeUser

Ban a user from logging into the VPN or Web server
(doesn't affect a user who is already logged in -- for this,
use DisconnectUser below):

./sacli --user --key prop_deny --value true UserPropPut

Re-admit a user who was previously banned:

./sacli --user --key prop_deny --value false UserPropPut

Disconnect all instances of a given user profile from the VPN
(To prevent them from logging back in, ban them before issuing
this command).

./sacli -u DisconnectUser

This command will return the number of clients that were disconnected.

Grant a user admin privileges:

./sacli --user --key prop_superuser --value true UserPropPut

Revoke admin privileges:

./sacli --user --key prop_superuser --value false UserPropPut

Allow a user to obtain an autologin profile (i.e. a profile that doesn't
require credential entry):

./sacli --user --key prop_autologin --value true UserPropPut

Allow all users to obtain an autologin profile:

./sacli --user __DEFAULT__ --key prop_autologin --value true UserPropPut

Undo the above setting:

./sacli --user __DEFAULT__ --key prop_autologin UserPropDel

Disable LZO compression for a given user/group (regardless of the global
LZO setting).

./sacli --user --key prop_lzo --value false UserPropPut

Enable LZO compression for a given user/group (regardless of the global
LZO setting).

./sacli --user --key prop_lzo --value false UserPropPut

Override the global redirect-gateway setting for a specific user/group
(redirect-gateway, when enabled, causes the VPN client to route
all of its internet traffic through the VPN).

./sacli --user --key prop_reroute_gw_override --value UserPropPut

Where is one of:
disable : disable redirect-gateway for this user
dns_only : disable redirect-gateway for this user, but still route DNS
global : use global redirect-gateway setting (default)

Delete a user/group properties setting, reverting it to the default. For
example:

./sacli --user --key prop_reroute_gw_override UserPropDel
./sacli --user --key prop_lzo UserPropDel
./sacli --user --key prop_autologin UserPropDel

Configure a user/group so that profiles or installers downloaded from
the Access Server (by the user or members of the group) will, by default,
be set to run as a service:

./sacli --user --key cli_service --value true UserPropPut