Security

Reply

Clearpass Guest - automating weekly password change

I have a customer who wants to have for the Guests a simple static username/password.  Every week the password is to be changed?  Easy enough to setup reception logins so that someone can manually change it, but was wondering if there is a way to automate that password change?


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Guru Elite

Re: Clearpass Guest - automating weekly password change

Nothing built-in, but the API could be used.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Clearpass Guest - automating weekly password change

Thanks Tim.  Indeed it can.

 

Just craft the XML with the right user password and run the following command:

 

curl -k -u "apiadmin:q1w2e3" -X POST https://192.168.1.212/tipsapi/config/write/GuestUser -H "Content-Type:application/xml" --data @test.xml

 

Example "test.xml":

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<TipsApiRequest xmlns="http://www.avendasys.com/tipsapiDefs/1.0">

<TipsHeader version="3.0" source="Guest"/>

<GuestUsers>

<GuestUser enabled="true" expiryTime="2014-09-30 12:24:37" startTime="2014-08-30 12:26:08" sponsorName="admin" guestType="USER" name="guest2" password="test">

</GuestUser>

</GuestUsers>

</TipsApiRequest>

 

So each week, I just need to change the line with the Guest details.  I can recreate that line with the following in linux.  Bit raw and clunky but works.

 

echo "<GuestUser enabled=\"true\" expiryTime=\""`date -d "+1 week" +%Y-%m-%d" "%H:%M:%S`"\" startTime=\""`date +%Y-%m-%d" "%H:%M:%S`\" sponsorName=\"admin\" guestType=\"USER\" name=\"guest2\" password=\"`echo $RANDOM$RANDOM | cut -c 1-8`\"


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: