Hi there,
We have a Guest solution, that has mainly been implemented by a 3rd party, that I'm looking to make a couple of minor adjustments too. I dont have a huge amount of Clearpass experience, so I'm trying to piece everything together to understand the current setup.
Our Guests are actually internal employees, who connect to the Guest SSID provided, and are subsequently presented with a splash page for authentication. They'll utilise their internal AD credentials in order to verify themselves and subsequently connect. The original design specified that after 30 days, their MAC entry in the endpoint repository would expire and they would be prompted to re-authenticate, this currently isn't happening - once a mac entry is in the repository it is not being removed and they're not being prompted to re-connect. I've had a look in to the service configured in Clearpass, and it appears to be utilising an attribute in a profile as seen in the attachment
Given that we're not being prompted to re-auth, is there a better way for me to configure this that will actually work?
Secondly, something else we'd like to build in, having some sort of background check to verify that an internal AD account that was initially used to verify that user on the Guest splash page is still valid - If the account is still live (account active / password not expired) then they're able to continue to connect by use of the cached mac, but if there are any issues with their account, then the splash page would be presented to them again, in order for them to re-validate with updated credentials.
Thanks in advance
Dan