Security

It appears this should be relatively simple to do but I can't seem to get the thing working as I want it.

The operator must be able to set the date/time the account starts but may not change the account expiry time. This needs to expire 24 after after the account is activated (not created).

To accomplish this I tried creating custom form fields in the operator profile and then change modify_expire_time and expire_after fields.

The guest manual mentions: 

- If modify_expire_time is “expire_after” or “expire_time”, then the expiration time is determined

according to the expire_after or expire_time fields as explained below.

-> how exactly? set a string value? change the options generarot or its parameters?

- If expire_after is set and not zero and the account will be activated immediately, then add the value

in hours to the current time to determine the expiration time.

- If expire_after is set and not zero and account activation is set for a future time (schedule_time)

instead of the current time, then the expiration time is calculated relative to the activation time

instead of the current time.

- Otherwise, if expire_after is zero, negative or unset, and expire_time has been specified, use that

expiration time. If the expire_time specified is in the past, set do_expire to 0 and ignore the

specified expiration time.

- Otherwise, if expire_time is not specified, then the expire_time is not set and do_expire will

always be set to zero.

So I tried pretty much any combination of the "modify_expire_time" and "expire_after" form Fields but I cannot get it to work as intended. It keeps complaining: "The expiration time occurs prior to the activation time."

Anyone that can lend a hand with this?

Hi

:smileyhappy:

Read my posts - they contain answers for your questions:

http://community.arubanetworks.com/t5/Guest-Access/CPPM-gt-Can-i-configre-expiry-time-in-minutes-for-example-0-5-30/m-p/78352

http://community.arubanetworks.com/t5/ClearPass-formerly-known-as/How-to-limit-the-expiration-time-of-each-guest-user/m-p/78180

have a lovley night. :smileywink:

me

Hi Koen

First, if you want to limit this for operators you need to create a new form and limit access to this for the said operators.

You will get some answers in the links from kdisc98, but it won't get you all the way.

• Go to Configuration -> Forms & Views, select the create-user form.
• Click Duplicate and edit this to a new name (ie. create-user-24h)
• Click "Use" to open the form in a new tab to check out which fields you will want to edit.
• Go back to the create-user-24h form -> click Edit fields

Changes to create-user-24h form

• sponsor_name -> might want to change this to a read only field with type "static text"
• modify_expire_time -> disable this
• expire_time -> disable this
• expire_after -> change to type static text and initial value to 24
• do_expire -> might want to change this to hidden and initial value of 1, 2, 3 or 4 depending on what you want to happen at expiration. I normally use 2 - disable and logout 

Then go to Administration -> Operator Logins -> Profiles

• Create a new Profile (or edit your existing) and modify the limitations you want to apply
• Change Guest Manager settings to Custom, and just leave the form edited above as their only create user form.

When you put it like I don't understand why I had issues figureing it out :)

Confirmed working and exactly what I needed so kudos and thanks!