Security

Been revisiting setting up a basic clearpass guest service whare a visitor has time-limited access to a guest portal based service.

When I did this about 5 years ago i could delete an account after it expired so if the user tried to re register things would "just work"

AFAIK this has now been depreciated in favor of a Policy Manager global setting for clearing out guest users. Unfortunately the minimum deletion period is 1 day

So ....

User registers for visitor access at 9am ( iinitial login, subsequent mac caching)

System grants them  2 hours access

11am account expires

User then wants to connect again  ..

... but can;t because account has expired ( not deleted)

cronjob (?) purges their account  i assume at  main period ~2am ish

If the above is correct , why the depreciation  of user account deletion at expiry time in favour of a global setting thast can only run once a day minimum?

A

So you want the guest user to be able to register again with the same account after its account expired?

Why not try to use auto_update_account

https://www.arubanetworks.com/techdocs/ClearPass/6.7/Guest/Default.htm#Configuration/BusinessLogicForAccountCreation.htm?Highlight=auto_update_account

Because didn't know it existed. Many thanks for that, I'll go have a play

Rgds

Alex

Ah! in fact its enabled by default when you use the template to create a guest user account ..