08-19-2015 07:33 AM
I'm using CPPM 6.5 for a hotspot SSID with guest self-registration, social login and MAC auth/caching.
My issue is that when a guest account expires, the client is still able to access the network and the login status in the Access Tracker is Accept.
In the Alerts tab I got this message: "Policy server Failed to get value for attributes=[AccountEnabled, AccountExpired]". It seems like it is not able to read the Guest User Repository DB to look for those values.
I've created the 2 MAC authentication rules using the "Guest authentication with MAC caching" template.
I've looked around here in the community as well but I'm not able to find anything and I'm stuck with the problem.
Anyone with the same issue?
08-19-2015 07:36 AM
Do you have the guest user repository as an authorization source for the MAC-auth service?
08-19-2015 08:18 AM
08-19-2015 08:30 AM
Hm. Can you post the access tracker request with the different tabs?
08-20-2015 06:24 AM - edited 08-20-2015 06:32 AM
ClearPass is working as expected. The captive portal role is being returned in the RADIUS response. The problem is on the controller side. Does the Aruba User role match exactly: guestlogin?
08-20-2015 06:34 AM - edited 08-20-2015 06:41 AM
As I'm using Instant APs managed by AirWave, I can't find where I can configure that in the group Instant config tab.
But shouldn't it be ClearPass that automatically rejects the connection (because the user is expired), so that the client goes to the captive portal?