I have a customer migrating to a ClearPass solution. They are looking for a guest solution for their many on-campus conferences.
How they’ve been doing it (and, most important, how they want to do it with ClearPass)
- A single, shared guest user account is created for each upcoming conference, with an account expiration datetime (DT) on the last day of the conference.
- Before the conference, all attendees are given this username/password for their particular conference, with instructions to login from a generic captive portal (CP) page (this page is used for any and all conferences).
- Upon successful authentication with the shared account, the attendee is redirected to a second self-registration CP page.
- The attendee self-registers, creating an account that expires at the same time as the “conference” guest account.
Goal
Have the expiration datetime of the self-reg account equal the expiration of the “conference” guest account.
Requirements
- Utilize a single self-reg page for any and all conferences. There could be concurrent conferences with different end dates.
- No modification to the expire_time of the self-reg page
Issues and thoughts
Given that an attendee logs in using the conference guest account, that device’s MAC is added to the Endpoint Repository (ER). So…I’ve created a post-auth profile to update the ER record with the conference guest account’s expiration date (Endpoint: Expiration= %{Authorization:[Guest User Repository]:ExpireTime}). That works, so we now have the conference end date associated with the attendee’s device MAC record.
The Question(s)
- Is there any way to use this ER attribute to set the expiration DT of the self-reg guest account?
- OR…am I going about this the wrong way? Is there another, better way to do this?
- OR…can it not be done because…
Any help will be greatly appreciated…even if the answer is, ya can’t do it…and here’s why.
Thanks for your time and brain.