Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Amigopod / ClearPass Guest Questions - Misc

This thread has been viewed 0 times

  • 1.  Amigopod / ClearPass Guest Questions - Misc

    Posted Jun 04, 2012 05:43 PM

    I have a few misc questions about the ClearPass Guest / Amigopod.

     

    We have a partial deployment (using the database for 802.1x PEAP) and are now tacking on the self-registration / guest portal to a new WLAN and I have a few general questions.  I've already spent a fair amount of time with the KB / documentation.

     

    - How do I have to have things setup so the account expiry for the self-registration created accounts can be set BELOW 24 hours? It doesn't appear to accept a number lower (get expiry field errors, even though it accepts a default field value of 10, when I lower the number below its default of 24)

     

    - Does the system handle session timeouts? If so, how? (IE - timeout after an hour of inactivity) Do I have to just manage this on the controller and kill the sessions altogether?

     

    - Is there a way to send a user their account name / password by default when their password is changed by an operator? (I have played with the form fields, but haven't come up with anything)

     

    - Is there any mechanism for users to deal with their own account expiry, besides leaning on an operator?

     

    I appreciate any responses greatly.

     

    Thank you,

     

    -J



  • 2.  RE: Amigopod / ClearPass Guest Questions - Misc

    Posted Jun 05, 2012 07:55 AM

    Hello Jeremy!

     

    Note - my experience is on pre-3.9.. Also I don't know if your scenario involves Sponsor confimation, so just add more information if the answers below isn't sufficient.

     

    Account-expiration

    Edit the self-registration. Click on Register Page - Form. Edit the "Expire after" field. Value can be 1 or higher.

     

    Timeouts

    This you handle on the Controller under Authentication/Advanced. User Idle Timeout.

    To get more detailed statistics on your Clearpass you should enable "RADIUS Interim Accounting" in the aaa-profile.

     

    Auto-send username/pw

    In a self-registration scenario I don't really see a need for the Operator to do anything, since the guest can just re-register and the account will be updated both with new expiration and password.

     

    Still - I don't think it's possible to auto-send on other actions than create, so you will have to click on Send receipt after the password update

    To accomplish this you will have to add is under Customization/Guest Manager. Check the "Password Display" option, and note the comments on this field as in what kind of access the operator will need.

    Once the Operator has done Reset Password / Update Account he/she will be presented the options to print or send by SMS (if this is configures).

    You can configure different Email templates to customise your need.

     

    User handling account expiration

    As mentioned above - with Guest Self-Registration they can just register again once expiration occurs.