Security

Reply
MVP
Posts: 1,394
Registered: ‎05-28-2008

why guest account dosent delete even with do_exprie - 4 ?

I except the guest account to be deleted... (the expiret set for 1 hour....and than do_expire-4)

 

but it's seems not effecting at all on the guest module...

screenshot attached: ClearPass Policy Manager 6.2.2.56893 on CP-VA-5K platform

 

Capture.PNG

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: why guest account dosent delete even with do_exprie - 4 ?

[ Edited ]

Try setting the expired guest cleanup interval time; set under CPPM --> Administration --> Server Manager --> Server --> Configuration --> Cluster-Wide Parameters --> Cleanup Intervals -> Expired guest accounts cleanup interval (default is 365 days).

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

MVP
Posts: 1,394
Registered: ‎05-28-2008

Re: why guest account dosent delete even with do_exprie - 4 ?

Thanks :)

 

now , this make me think.

 

can expire guest account be re-used? let's say a guest is retureing to the site after X days and would like to re-register with the same e-mail , can it be done?

and if so...soo he can do it everytime - and than the session limit/expiry limit dosent worth nothing... <-- > no?

 

please advise.

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite
Posts: 20,582
Registered: ‎03-29-2007

Re: why guest account dosent delete even with do_exprie - 4 ?

Check the post out here:  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Clearpass-Guest-Self-Registration-question/m-p/52058/highlight/true#M4234



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,394
Registered: ‎05-28-2008

Re: why guest account dosent delete even with do_exprie - 4 ?

Thanks - i already read it before...

 

but if i dont allow auto update...than the user is unable to reuse his e-mail after the expiry time (until the guest record is deleted - 365 days?! ) ...what should i do if the user is caming back after 12 hours or 1 day...and there is still a guest recrod and no auto_update_account allowed.

 

Please advise.

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite
Posts: 20,582
Registered: ‎03-29-2007

Re: why guest account dosent delete even with do_exprie - 4 ?

List your requirements and we can try to propose a solution.  There are a number of parameters that could conflict, so we want to make sure everything works as it should based on all your requirements; otherwise we will have to keep changing everything and it will not work the way you want.  Feel free to open a new post with all the requirements so we can focus on them, instead of do_expire.

 

The short answer is that we would change the cleanup interval to just a single day, and it will clean out all the expired users.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,394
Registered: ‎05-28-2008

Re: why guest account dosent delete even with do_exprie - 4 ?

will do that.

Thanks.
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: why guest account dosent delete even with do_exprie - 4 ?

Here is what you need to change for do_expire to actually take action once the account expires:

 

Screen Shot 2013-10-21 at 2.25.09 PM.png

 

do_expire will take whatever action is selected there. Default is just to disable the account. I believe this is what you are looking for.

 

I know this doesn't answer all of your questions, just the first one. So, if the account expiration was 1 hour from now, then after 1 hour, the user will get bounced and the account will be deleted, if set to Delete and logout at specified time. Then the user could go back in and create their account again.

Thanks,

Zach Jennings
MVP
Posts: 1,394
Registered: ‎05-28-2008

Re: why guest account dosent delete even with do_exprie - 4 ?

Thanks zjennings->I aware to this option,and  this is already configured in my guest manager  (as option 4) - but,i still see the guest account in cppm guest under guest accounts - as expired....

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 226
Registered: ‎03-03-2011

Re: why guest account dosent delete even with do_exprie - 4 ?

[ Edited ]

Sorry to drag out an old post but has this issue actually been resolved??

 

I understand there is the option under Guest Manager which sets the do_expire field. This is currently set to Delete and Logout at specified time. However, even with this set the account is expired and not deleted.

 

I know I can amend the Expired guest accounts cleanup interval under the Cluster-wide parameters but this only runs overnight as part of database maintenance.

 

This means if an account was created valid for 2 hours, after this time the account would become disabled. If the user wanted to create another account with the same username (email address) then this would fail as an account would exist already (albeit expired). I know this is a rare scenario but this seems to indicate Clearpass Guest cannot support accounts which have a short lifetime.

 

***edit*** this works like this running Clearpass 6.3.1 as well as previous versions.

 

Surely we need just 1 option for controlling the accounts when the expire_time is reached like it used to work in Amigopod.

Anyone got around this problem?

Thanks

David
ACDX #98 | ACMP | ACCP
Search Airheads
Showing results for 
Search instead for 
Did you mean: