Security

Two questions:

*Can i configure CPPM guest - to delete expired accounts in a spsefic hour ? (24:00 daily bases) - please advise.

 *Can i configure the CPPM to delete expired account - after 24hours since login

Please advise.

me

I want this expired device to be deleted (in order for the guest be able to login for another 30min) - 24Hrs after beened created&logged in.

please advise.

Have you tried doing here ? action after expiration: 

But I think it may not be supported under 6.0.

Expiration Relative to Login, and Expiration Action
The expire_postlogin (Lifetime) field is used to specify an expiration time that takes effect after the first
login of a guest account.(#10442)
The do_expire (Expire Action) field is used to specify the action to take when the expiration time
(expire_time) is reached for a guest account. (#10442)

Attachment(s)

ClearPass_6.1_RN.pdf   671 KB 1 version

Thanks on a gr8 info.

Is there importent order i should place thoese options in the form?

BTW: i'am using CPPM evel lic - version number: 6.0.2.46902 - it will work for me? please advise.

Unfortunately is not supported under the 6.0.x version according to the 6.1 release notes :

Ok - thanks on the info  So in 6.0.X  my only solution is to set expiry time to amount needed for each guest,and set the database clear of expired accounts to 24 hours. *That's the only way i can achive + - what my client want*

I still dont see that the CPPM cleaning expired accounts: (I can see that guest account that already expired)

even due i set the following confg:

I set "Expired guest account cleanup interval" on 1 day , yesterday afternoon and now it's 00:57...When the cppm will clean up?

please advise.

Thanks.

Me

I think those havent been removed because those accounts were used recently : 10 Hrs or 4 Hrs  ...

You may have to wait until that account has been expired for 24 hrs since the last time the account was used or considered active/valid.

so....when i configre expire time,and the guest account is expired...the guest will continue to browse/surf...it's not normal...i build all this configuration in CPPM evel in order the guest user to be disconnect and back to the login-page agian at the end of the 1 hour.... so something is missing if i need manauly to disconnect thoes guests...

After the account expired it shouldn;t be able to continue to browse , unless accounting is not working properly

Have you tried manually disconnecting the user from the active guest list ?

After the account expired it should be able to continue to browse

WHAT?????????????????????????????????????????????????????????

I'am using the CPPM in order for it to enable guest users to self login and after 1 hour to disconnect them and give them the cap role agian.

manaully the CPPM can disconnect and delete guests accounts...but i cant show to my client and my CEO a manually soultion.

it shold and need to be automatic. for this the GUEST module designed for.

are u sure:

After the account expired it should be able to continue to browse ?

it's just dosent sound right... (ANYONE else here can advise please)

Sorry I meant to say it shouldn't able to browse

The reason I asked about the manual option is to see if accounting is working.

It should work automatically .

Ok - Thank u .

It's working well. the COA is working. in the expiry time and also manually