Security

Reply
Contributor I
Posts: 32
Registered: ‎06-05-2014

How to disconnect Users at a specified time?

Hey everybody,

 

we are using CPPM 6.4 with the Guest module.

 

I want to disconnect guest users at a specified time using CoA or Radius Session-Timeout.

 

One customer wants to have specified time ranges for their guest users.

I already updated the service so they can only login in the specified time, but of course don't get disconnected when the end time is reached.

 

The biggest problem is that we have different guest roles with different time ranges.

Would it be possible to disconnect a users with a specific user role at 10pm for example?

 

The users shall not expire! They will be able to reconnect again at the next day in the specified time range.

 

The authentication is using captive portal.

The NAS device is a IAP.

 

 

Regards,


Sven
ACMP + ACCP
Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: How to disconnect Users at a specified time?

You would need to use the time source as an authorization source and calculate the difference between the authentication time and 10 PM and then return that amount of time as a session timeout.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 32
Registered: ‎06-05-2014

Re: How to disconnect Users at a specified time?

 

This required some PostgreSQL knowledge but I have a running solution now :)

 

Step 1: Add TimeSource as Authorization Source

 

Step 2: Add Filter to TimeSource 

select (extract(epoch from date(CURRENT_DATE) + time '22:30' - now()))::int as Until2300;

 

Step 3: Enforcement Profile with Session-Timeout

Radius:IETFSession-Timeout=%{Authorization:[Time Source]:Until2300}

 

 

Thanks


Sven
ACMP + ACCP
Search Airheads
Showing results for 
Search instead for 
Did you mean: