Security

 View Only
last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

This thread has been viewed 11 times
  • 1.  Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    Posted Jul 07, 2013 06:24 AM

    Hi Guys,

    Its the 3rd time I'm asking - because i need to figure it out - and build a config that answer my client demands.

     

    I built a self-reg page that create guest account for 1 hour.

    expire_after.png

     

    And i also configured in the guest manager the following option:

    expire_action.png

     

    Now... what i need to create / enable for me client is this:

     

    EACH GUEST - CAN WORK FOR 1 HOUR | each 24 HOURS - how can i configure such a role (CPPM 6.1.XX) i need that each guest account will be valid to surf/browse for 1 hour - and after 1 hour it will be block for usage until the next day.

     

    PLEASE SOMEONE CAN DESCRIBE ME THE NEED CONFIGURE PROCESS + WRITE DOWN EXAMPLES.

     

     

    Thanks

     

    Me



  • 2.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    Posted Jul 07, 2013 07:41 AM

    kdisc98 - just want to be sure I understand what you are trying to do:

     

    - A guest can register

    - The guest can stay on for 1 hour

    - The guest cannot re-register for 24 hours

     

    Questions:

     

    - The limitation of once/24 hours; is that per guest "user" or "device"; in other words, is it OK for the guest to register as another name on the same device?

     

     



  • 3.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    Posted Jul 07, 2013 07:45 AM

    - A guest can register - YEP , This is working

    - The guest can stay on for 1 hour , YEP , This is working

    - The guest cannot re-register for 24 hours For this i need your assitance, This i need to understand how to configure.

     

    Questions:

     

    - The limitation of once/24 hours; is that per guest "user" or "device"; in other words, is it OK for the guest to register as another name on the same device? NO - It's a device (MAC/MAC PAIR)

     

     

     



  • 4.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    Posted Jul 07, 2013 07:51 AM

    Do you have the MAC/Pair creation working?



  • 5.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    Posted Jul 07, 2013 07:53 AM

    let's say i DO (in the past i already configured it , i can re-configure it and add it to the form in a sec) - please continue



  • 6.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    Posted Jul 07, 2013 02:00 PM

    forgotme

    :smileysad:



  • 7.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    EMPLOYEE
    Posted Jul 07, 2013 02:20 PM

    kdisc98,

     

    If you already have mac caching working, meaning if a mac device is being created every time a guest authenticates, we can use that expired mac address during mac authentication to redirect a user to a page that says their account has expired.  I think that is where clembo was going.  But mac caching is a prerequisite to that.

     



  • 8.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    Posted Jul 07, 2013 02:39 PM

    Hi Cjospeh!

     

    ok - and how i configure the mac expire time? via cppm form/guest?  (not the user expire time) - some examples / tips will be g00d.

    question



  • 9.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    EMPLOYEE
    Posted Jul 08, 2013 02:02 AM

    On The ClearPass Guest Side, go to Customization> Guest Self Registration> Edit.

    Below Register Page, Click on Form.  You will be adding two fields to the form, mac, and mac_auth_pair

     

    Click anywhere in the form and click on Insert After.  Select, mac for the field you want to enter and fill out the field like below.  Rank fills itself out, so you do not have to.mac.PNG

     

    When you save that, insert another field "mac_auth_pair" with the parameters below:  Save and get out of registration.  You should be able to go through self-registration with a new user and not only will a user show up under Guests> List accounts, but the mac address of the device that they registered (a paired account) should also show up under Guests> List Devices.  Let us know if that is working first.

     

    mac-auth-pair.PNG



  • 10.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    Posted Jul 08, 2013 02:51 AM

    Worked before - and working now.

    Now - how do i block access for 24 hours/1 day of the device ,after 1 hour usage?



  • 11.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    Posted Jul 08, 2013 03:08 AM

    3.PNGCapture.PNG2.PNG



  • 12.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    Posted Jul 09, 2013 03:58 AM

    so...i do i continue from here?

     

    please advise.

     

    thanks.

     

    me



  • 13.  RE: Guest accounts lifetime | expiry time - still can't make it work like i need it - please advise

    Posted Nov 22, 2023 12:06 PM

    Setting up guest account lifetime or expiry time can be tricky, but consider adjusting system parameters like account policies or using third-party tools for better control. Think about custom scripts or group policies to automate expiration, enhancing security by limiting access and minimizing potential risks.