Security

Reply
Contributor I

No Access tracker entry / Captive portal authentication,

Hello Folks, 

I'm running into an odd issue, 

in my guest WiFi environment, I have users to self-register through Clearpass captive portal and get access for 1 day, 

 I have daily different 200 to 250 connected fine with the normal scenario: users get access for 24 hours and then after time expiry account get deleted from Guest DB and a CoA sent to the controller to disconnect the user from the network.

 

along with that, I have few random users (about 20 users) with the following issue: account gets expired after 24 hours BUT NOT DELETED from Guest DB. 

focusing on these affected accounts, I found no access tracker entries using the filter "username = <user registration email>" 

 

Please note working and non-working users are connected through same SSID same controller same network segment, 

 

Please advise, 

 

Super Contributor I

Re: No Access tracker entry / Captive portal authentication,

ClearPass Guest will delete a guest account based on the do_expire value in the account.

 

By default this is set to 1.

 

Below a list what the do_expire value are:

 

4 | Delete and logout at specified time
3 | Delete at specified time
2 | Disable and logout at specified time
1 | Disable at specified time

 

You can set the global action the Guest Manager (Guest > Configuration > Guest Manager).

It's also possible to set the do_expire value during the createn of a account. This can be a hidden value in the form or a drop down list if you want.

 

You can check this value for a account what is not deleted. This can be done with the 'show details' option in the Manage Accounts menu.


Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Contributor I

Re: No Access tracker entry / Captive portal authentication,

"Show details" for the account that get not deleted from DB showing do_expire = 4 witches mean "Delete and log out at specified time"

 

As I mentioned, as I have a lot of working users, I'm sure that configuration is safe, 

 

any other thing to check?

 

regards,

thanks,

Super Contributor I

Re: No Access tracker entry / Captive portal authentication,

Mmm weird.
Can you check the Application Log in ClearPass Guest? All the delete/create actions (and errors) are logged over there.

You mentioned a small number of accounts with issues. Are this recently created accounts? Maybe you can try to change the do_expire value to a different value and then back to 4. Maybe it will trigger something.

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Contributor I

Re: No Access tracker entry / Captive portal authentication,

Few users with issue appear every day,  

I m triggering this issue for a couple of weeks ago, and every time I need to cleanup Guest DB manually from the affected account.

Super Contributor I

Re: No Access tracker entry / Captive portal authentication,

What version are you running?
The following issue has been fixed in version 6.7.7

Expired guest accounts were not immediately deleted at an expiration event or in accordance with the do-expire profile.

If you already run version 6.7.7 or later, I will advise you to open a support case

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Contributor I

Re: No Access tracker entry / Captive portal authentication,

I'm running 6.7.9 

 

thank you for all of your feedbacks. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: