Security

last person joined: 14 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Guest / No Expiry / Session-Timeout Value

This thread has been viewed 6 times

  • 1.  Clearpass Guest / No Expiry / Session-Timeout Value

    Posted Feb 02, 2015 06:42 PM

    Hi all,

     

    We recently upgraded our CPPM and GUEST to 6.4.4.

     

    We ran into an issue this morning where guest accounts are unable to login. 

     

    When checking CPPM, the user is authenticated, however, the value for Session-Timeout = 0.

     

    We are dynamically pulling that value in our CPPM service using the builtin variable

     

    %{Authorization:[Guest User Repository]:RemainingExpiration}

     

    This seems to be working as there is a valid number there for users who have a static expiration date.

     

    For users with no expiration date, that value is being calculate to 0, thus denying any login attempts at all.

     

    The issue only affected users who have NO EXPIRATION set on their guest account.

     

    When I manually assigned an expiration date to these users, I verified that CPPM shows the Session-Timeout = some number greater than 0.

     

    It seems there is a bug in CPPM / GUEST in 6.4.4 that calculates the Session-Timeout value to be 0 for any guest users with no expiration set on them.

     

    Has anyone else had this issue? Can anyone else verify if this is truly a bug or something unique to our environment?

     

    TIA!!!



  • 2.  RE: Clearpass Guest / No Expiry / Session-Timeout Value

    Posted Feb 04, 2015 04:39 PM

    Bump.

     

    Nobody?



  • 3.  RE: Clearpass Guest / No Expiry / Session-Timeout Value

    EMPLOYEE
    Posted Feb 04, 2015 04:41 PM
    Please open a TAC case. It sounds like it might be an upgrade bug but they will need to dig into the logs.