Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Setting the expiration time for ClearPass guest accounts

This thread has been viewed 48 times

  • 1.  Setting the expiration time for ClearPass guest accounts

    Posted Jul 23, 2013 05:21 PM

    I was trying to figure out how to set the expiration time on a ClearPass guest account.  In the guest manager section, there are two mandatory sections: Expiration Options and Lifetime Options.  I'm assuming that one of these adjusts the length of time that a guest account is valid?  It looks as though the default timeframe for a guest account is 24 hours.  I want to set it to something more like 8 hours, but haven't quite been able to put my finger (or mouse) on it.  I am continuing to search the documentation.

     

    Guest Manager - account expiration.PNG



  • 2.  RE: Setting the expiration time for ClearPass guest accounts

    Posted Jul 23, 2013 07:18 PM

    Hi,

    Here is an some screenshots examples,on how to Built a self-reg page that create guest account for 1 hour.

    expire_after.png

     

    And i also configured in the guest manager the following option:

    expire_action.png

     

    more info:

    http://community.arubanetworks.com/t5/ClearPass-formerly-known-as/Guest-accounts-lifetime-expiry-time-still-can-t-make-it-work/td-p/84554

     

     

    tips:

    • make sure that your RFC3576 working well.
    • be sure to choose the right option in the guest manager. (Screenshots above)
    • try to update your CPPM with all the updates (ClearPass Policy Manager 6.1.2.53442)
    • BUILD your register form with the right fields

    Define Custom Field – ClearPass Guest – Aruba Networks_2013-06-12_12-02-10.png

     

    Aruba_CPGuest_DG_PDF.pdf - Adobe Reader_2013-06-12_12-12-35.png

     

    Expiration Relative to Login, and Expiration Action
    The expire_postlogin (Lifetime) field is used to specify an expiration time that takes effect after the first
    login of a guest account.(#10442)
    The do_expire (Expire Action) field is used to specify the action to take when the expiration time
    (expire_time) is reached for a guest account. (#10442)



  • 3.  RE: Setting the expiration time for ClearPass guest accounts

    Posted Aug 06, 2013 04:01 PM

     

    Hello, 

     

    but if the condition is dat: specify an expiration time that takes effect after the "last login" of a guest account.

     

     



  • 4.  RE: Setting the expiration time for ClearPass guest accounts

    Posted Aug 09, 2013 12:08 PM
    @i920098 wrote:

     

    but if the condition is dat: specify an expiration time that takes effect after the "last login" of a guest account.

     

    @kdisc98 was offering other fields that you can use for account expiration, of which there are a few.  His/her original suggestion of using the field, "expire_after" is what you want.  Go to your existing self-registration, open the Register Page -> Form and edit field for "expire_after".  The default initial value here is 24 for 24 hours.  Modify this to 8 or whatever you desire.  Now, any users that register on that self-registration page will receive an account valid for 8 hours after the time of registration.