06-30-2015 08:02 AM
Having trouble with the following requirement:
A Guest Account should get disabled after 14 days if it is not used.
The Life time options are 1, 2, 3, 4, 5 days.
The service is based on the "Guest Authentication with MAC Caching" template.
If guest logs in durcing the first days with "5 day account" the expire_time gets modified to today +5 days which is perfectly fine
If guest logs in on the 13th day (of this 14 day period) with "5 day account" the expire_time remains the original value which was set during creation. Which means it gets not updated and guest can use his account just 1 day.
My Customer would like to see the expire time get enhanced automatically in this case.
To be honest, i do not get why it is not getting updated altough the Access Tracker states that.
Does anyone have an idea or solution for this requirement?
07-01-2015 02:16 AM
Interresting usecase, but I don't see why you are asked to complicate it that much. It sounds like a nightmare to administer to be honest ;) We usually have pre-made accounts with a set life-time that doesn't expire so the concierge just have a set he can hand out whenever and they last X days from first login..
But OK... You create the account with an expiration of 14 days, but life-time set to 5 days using the default mechanics of Clearpass Guest. As you've described this works OK.
So - to achieve what you need I'm thinking you will have to create your own version of this functionality that triggers on first login. The new expire_time is set according to the role "Guest-x-days".
When creating the guestuser you enter 14 days as expiration, but not any lifetime. Set the role to be equal to the duration you want it to have (guest-x-days). During first webauth you then enforce a new expire_time according to the role with a NOW+x days. Also set a custom field on the guestuser like "activated = true" and test for this field before doing the +days to make sure that it doesn't trigger again for the same account when the user logs in with a second/third device. You will also have to test the original expire_time against NOW to see if it's less that x days remaining of the 14 days expiration
Might be an easier way to do this, but I can't think of one.
-ACMX #316 :: ACCP-
Intelecom - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!