What role are the guest users put into when they get on the network?
Run: show rights <NameOfRoleAbove>
This will show you all the ACL/policies for this role. You can edit/change the policies for your role of choice. The "allowall" policy is likely what you want for your requirements.
The authentication timer you are looking for is under Configuration --> Authentication --> Advanced. The time you set here will dictate how long the controller keeps the user in the client table. When the timer is reached, the controller looks to see if the client is still there (just not doing anything). If it is, the timer is reset. If the device is not there (asleep or disconnected), the client is removed from the table...requiring them to reauthenticate the next time.
If you don't want your users to have to reauthenticate should that inactivity timer be reached, you can increase this timer; NOTE this affects all users on all controllers. Or you can look to implement something like ClearPass that will authenticate guests and then allow them access for a certain amount of time (by using MAC authentication for subsequent connections).