Security

Reply
New Contributor
Posts: 2
Registered: ‎02-02-2015

Clearpass Guest / No Expiry / Session-Timeout Value

[ Edited ]

Hi all,

 

We recently upgraded our CPPM and GUEST to 6.4.4.

 

We ran into an issue this morning where guest accounts are unable to login. 

 

When checking CPPM, the user is authenticated, however, the value for Session-Timeout = 0.

 

We are dynamically pulling that value in our CPPM service using the builtin variable

 

%{Authorization:[Guest User Repository]:RemainingExpiration}

 

This seems to be working as there is a valid number there for users who have a static expiration date.

 

For users with no expiration date, that value is being calculate to 0, thus denying any login attempts at all.

 

The issue only affected users who have NO EXPIRATION set on their guest account.

 

When I manually assigned an expiration date to these users, I verified that CPPM shows the Session-Timeout = some number greater than 0.

 

It seems there is a bug in CPPM / GUEST in 6.4.4 that calculates the Session-Timeout value to be 0 for any guest users with no expiration set on them.

 

Has anyone else had this issue? Can anyone else verify if this is truly a bug or something unique to our environment?

 

TIA!!!

New Contributor
Posts: 2
Registered: ‎02-02-2015

Re: Clearpass Guest / No Expiry / Session-Timeout Value

Bump.

 

Nobody?

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Clearpass Guest / No Expiry / Session-Timeout Value

Please open a TAC case. It sounds like it might be an upgrade bug but they will need to dig into the logs.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: