Security

Hi, 

We have an  open Guest Wifi SSID broadcasting for guests of our company. In Clearpass we have a selfregistration click through process set up to gather some info about the person so we can ensure they are ligit and for reporting. 

The issue is that when I see someone abusing it I disable their account in Clearpass. But they can just go through the self registration process again and the account will be active again. We use the MAC auth so MAC addresses are recorded and are the username for the account. 

Why does the self registration process overwrite an existing account? Is there a way in Clearpass to stop this? Ideally I would like to disable an abuser of the system for 7days on Clearpass and not on the controller.

Thanks!!

We can set the auto_update_account attribute to zero in the Guest Registration page:

Go to Configuration> Guest Self-Registration.  Under Register Page, Click on Form.  On the form, you will see an field "

auto_update_account".  Change the initial value to zero, and click on save.

If they attempt to create an account that already exists, they will get this:

Here is what the field is meant for:

"Boolean flag indicating that an already existing account should be updated, rather than failing to create the account. This field should normally be enabled for guest self-registration forms, to ensure that a visitor that registers again with the same email address has their existing account automatically updated. Set this field to a non-zero value or a non-empty string to enable automatic update of an existing account. This field controls account creation behavior; it is not stored with created visitor accounts."

Hey cjoseph!

Thanks a ton, worked like a charm! When you said the field name I new I had seen it before. In the manual I looked it up again and the discription is:

"auto_update_account - If this field is present and set to a non zero value, account creation will not fail if the username already exists - any changes will be merged into the existing account using an update instead."

It still basically says the same thing but in a round about way and I really just saw "if this field is present and set to a non zero value, account creation will not fail"  => Ok so  it needs to be non zero or guest registration wont work......WRONG :)

Anyways, totally owe you a beer. 

Thanks!

I am having the opposite issue.  When a user already has an account that was created through self enrollment the user comes in the next day and tries to enroll again when the account already exists.  This is turn disables their account and they are out of luck.  Did you experience this at all with your challenges?

Jmadej,

I do not know what you are doing to achieve such a result.  You probably have to open a support case to go through your configuration in detail.

One thing I would look at is your account delete settings.

Sounds like the users accounts are not deleted when expired and if the the account is expired it will hold onto the username and not allow you to create a new active account. 

You do have to the option to delete the account instead of keeping it.