Security

 View Only
  • 1.  ClearPass Guest portal with Mac-Caching - changing role in endpoint repository

    Posted Aug 28, 2017 11:28 AM

    Hi

     

    I have setup Guest portal with self-registration and sponsor and use different roles (also two custom ones).

    Mac-caching works fine and new roles are send to controller correctly via Radius CoA.

    In my setup, guest obtain default guest role after registration and changing of role is done from ClearPass-Guest->Manage Accounts.

    (Changing of role isn't done from sponsor form)

     

    One problem which I have encounter is that I don't know how to send new role of guest to the Endpoint Repository after modyfing it in the guest account (from ClearPass-Guest->Manage Accounts).

    If I change it manually in this endpoint repository, it is ok, but it is not comfortable for my client.

    Is it any way to change the role in Endpoint Repositury automatically after account modification ?

    I would be very glad for any help and advices

     

    Karol

     



  • 2.  RE: ClearPass Guest portal with Mac-Caching - changing role in endpoint repository

    Posted Aug 28, 2017 11:32 AM
    It will get updated when the user logs in again through the captive portal. There is no automatic method outside of that.


  • 3.  RE: ClearPass Guest portal with Mac-Caching - changing role in endpoint repository

    Posted Aug 28, 2017 11:45 AM

    Thanks for fast response.

    So I should enforce somehow second web login ?

    or maybe change the role manually in endpoint repository ? 

     

    No other way ?

     

    So how to enforce relogin of guest ? I understand that I have to enfrce relogin somehow

    regards

    K



  • 4.  RE: ClearPass Guest portal with Mac-Caching - changing role in endpoint repository

    Posted Aug 28, 2017 12:20 PM
    Clear the MAC-Auth Expiry attribute.

    It’s not common to change a guest role after the login event.


  • 5.  RE: ClearPass Guest portal with Mac-Caching - changing role in endpoint repository

    Posted Aug 29, 2017 06:05 PM

    Hi Tim

     

    Thanks for your answer

     

    In my case setting role is almost always after login.

     

    I'm wondering if it is possible to have two version of sponsor approval page: one  without filed for selecting role and second with such a filed.

    It could be slected based on group in AD for example ?

     

    regards

     

    K