02-12-2016 09:37 AM
My organization wants to extend the expire time for guest accounts by 30 days on each successful login. This would result in a guest account remaining valid indefinitely as long as it was used within 30 days of last login and would expire if not used in 30 days.
I have found some examples of similar requests, but most do not have a full solution, and one suggests writing directly the database tables, which I am not excited about.
I was hopeful I could accomplish this with an enforcement profile. There is a ‘ClearPass Entity Update Enforcement’ of:
Is my goal the intent of this attribute? If so, can someone assist me with the proper value syntax?
I have also attempted by creating a dictionary attribute in CPPM for the expire_time field from entity GuestUser and manipulating it via an enforcement profile with no good results.
If anyone knows another/better approach to this solution, please direct me.
Thank you in advance.
02-12-2016 09:40 AM
02-12-2016 11:14 AM
Preferably both, but if the MAC caching element makes it too complicated, could probably work with allowing MAC caching for a short period of time (day/week) and then advance expire date on next web login.
02-12-2016 11:18 AM
05-18-2016 02:14 PM
I have a group looking for something similar to what is described. Cappalli suggests using an enforcement profile in the Mac auth to change the "mac-auth expiry" value. I have attempted to do this without success. Currently running 6.6x of Clearpass and the only value allowed is an exact date and time for the attribute. Adding "now()+(n)days" does not pass the validation for the attribute.
error is :
|Value "now()+30 days" must have hh:mm:ss format (e.g., 17:05:55)|
I am currently using the "Self-Validated" model by Michael Clarke and would like to work this in some how. Any assistance would be appreciated.