Security

Hi Guys,

Its the 3rd time I'm asking - because i need to figure it out - and build a config that answer my client demands.

I built a self-reg page that create guest account for 1 hour.

And i also configured in the guest manager the following option:

Now... what i need to create / enable for me client is this:

EACH GUEST - CAN WORK FOR 1 HOUR | each 24 HOURS - how can i configure such a role (CPPM 6.1.XX) i need that each guest account will be valid to surf/browse for 1 hour - and after 1 hour it will be block for usage until the next day.

PLEASE SOMEONE CAN DESCRIBE ME THE NEED CONFIGURE PROCESS + WRITE DOWN EXAMPLES.

Thanks

Me

kdisc98 - just want to be sure I understand what you are trying to do:

- A guest can register

- The guest can stay on for 1 hour

- The guest cannot re-register for 24 hours

Questions:

- The limitation of once/24 hours; is that per guest "user" or "device"; in other words, is it OK for the guest to register as another name on the same device?

- A guest can register - YEP , This is working

- The guest can stay on for 1 hour , YEP , This is working

- The guest cannot re-register for 24 hours For this i need your assitance, This i need to understand how to configure.

Questions:

- The limitation of once/24 hours; is that per guest "user" or "device"; in other words, is it OK for the guest to register as another name on the same device? NO - It's a device (MAC/MAC PAIR)

Do you have the MAC/Pair creation working?

let's say i DO (in the past i already configured it , i can re-configure it and add it to the form in a sec) - please continue

:smileysad:

kdisc98,

If you already have mac caching working, meaning if a mac device is being created every time a guest authenticates, we can use that expired mac address during mac authentication to redirect a user to a page that says their account has expired.  I think that is where clembo was going.  But mac caching is a prerequisite to that.

Hi Cjospeh!

ok - and how i configure the mac expire time? via cppm form/guest?  (not the user expire time) - some examples / tips will be g00d.

On The ClearPass Guest Side, go to Customization> Guest Self Registration> Edit.

Below Register Page, Click on Form.  You will be adding two fields to the form, mac, and mac_auth_pair

Click anywhere in the form and click on Insert After.  Select, mac for the field you want to enter and fill out the field like below.  Rank fills itself out, so you do not have to.

When you save that, insert another field "mac_auth_pair" with the parameters below:  Save and get out of registration.  You should be able to go through self-registration with a new user and not only will a user show up under Guests> List accounts, but the mac address of the device that they registered (a paired account) should also show up under Guests> List Devices.  Let us know if that is working first.

Worked before - and working now.

Now - how do i block access for 24 hours/1 day of the device ,after 1 hour usage?

so...i do i continue from here?

please advise.

thanks.

me

Setting up guest account lifetime or expiry time can be tricky, but consider adjusting system parameters like account policies or using third-party tools for better control. Think about custom scripts or group policies to automate expiration, enhancing security by limiting access and minimizing potential risks.