Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass guest doesn't delete and logoff

  • 1.  ClearPass guest doesn't delete and logoff

    Posted Sep 27, 2019 10:26 AM

    Running ClearPass 6.8.2

    If I create a device with do_expire set to 4, i.e. delete and logoff, with an expiry time of 1 hour ... it doesn't delete it. The device gets expired but it's still there.

     

    Could someone running 6.8.2 try this before I call TAC?

     

     



  • 2.  RE: ClearPass guest doesn't delete and logoff

    EMPLOYEE
    Posted Sep 27, 2019 11:54 AM

    Guest accounts are no longer deleted in real time and the use of do_expire has been minimized in new builds. Are you upgrading from older versions?

    Deletion is controlled by the CPPM Cluster Wide Cleanup Intervals. There is an entry for Guest "Expired guest accounts cleanup interval".

     



  • 3.  RE: ClearPass guest doesn't delete and logoff

    Posted Sep 27, 2019 12:04 PM

    Yup, it's an upgrade to 6.8.2 from 6.8.1 from 6.8.0 ....

    A default value of 365 days seems a bit extravagant for deletion of expired guest accounts?

     

     



  • 4.  RE: ClearPass guest doesn't delete and logoff

    EMPLOYEE
    Posted Sep 27, 2019 12:31 PM

    Yeah...  And the 1 day minimum is also not enough for a lot of people. 

     

    You are familiar with the auto_update_account field and how that controls whether or not a self-reg can overwrite itself?



  • 5.  RE: ClearPass guest doesn't delete and logoff

    Posted Sep 27, 2019 02:43 PM

    1 day certainly isn't enough.

    We use eduroam for dot1x-capable devices and WPA2-PSK for headless devices.

    Thanks to Google and Apple, now when you configure their devices, both the device and the configuring device need to be on the same SSID. I need to temporarily allow a dot1x device onto the PSK net. We're talking an hour here, not 1 day.

     

    Nope, don't know about that, but do now :-)

    A