CiscoDevNet / iPSK-Manager

Identity PSK (IPSK) Manager for Cisco ISE provides an example of how to manage the full Life Cycle of Wi-Fi Pre Shared Keys for supported Hardware/Software through Cisco ISE.
Apache License 2.0

Account expiration in iPSK #8

Closed 1977bjorn closed 3 years ago

1977bjorn commented 3 years ago

Hi,

It seems that the expiration date in MySQL is set to a number and not in date format. This is no problem really, but the expiration itself is problematic. The field "accountExpired" is always set to "False". If the expiration date is due, the portal shows "Account Expired" - but the MySQL field "accountExpired" is not updated. The accountExpired is also a RADIUS attribute, but using this has no use, as the field accountExpired never changes (from "False").

So there is really no way to exclude the expired account/device except deleting it.

//Bjorn

cisco-garyoppel commented 3 years ago

Thank you for opening this issue; this has now been resolved and will be closed.

The stored procedures have been updated to return the appropriate 'results', depending on the endpoint status within the database.

The 'accountExpired' attribute is updated per endpoint within the stored procedure with every call that is made by ISE. This attribute should be used in conjunction with the iPSK_MACLookup stored procedure and an appropriate ISE policy set. This will allow expired endpoints the ability to still access the network with the previous PSK while providing the ISE Admin control over what access the endpoint is granted when they have expired.

Please review the DB_CHANGELOG @ https://github.com/CiscoSE/iPSK-Manager/blob/master/DB_CHANGELOG.md

Closed with Commit f7f5b7e0db8179586b3bbbd29797610099787c38
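
The behaviour described in the resolution, sketched as an added example that is not part of the original thread and not the project's stored procedure: the expiry flag is refreshed on every lookup, the PSK is still returned, and a separate policy step decides what an expired endpoint may reach. Only the `accountExpired` name comes from the thread; the table layout, the other column names, the epoch-seconds format, the "0 means never expires" convention and the access levels are assumptions.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample endpoints (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE endpoints ("
        " macAddress TEXT PRIMARY KEY,"
        " psk TEXT NOT NULL,"
        " expirationDate INTEGER NOT NULL,"   # assumed: Unix epoch seconds, 0 = never
        " accountExpired TEXT NOT NULL DEFAULT 'False')"
    )
    conn.executemany(
        "INSERT INTO endpoints (macAddress, psk, expirationDate) VALUES (?, ?, ?)",
        [("AA:BB:CC:00:00:01", "example-psk-1", 1_700_000_000),
         ("AA:BB:CC:00:00:02", "example-psk-2", 0)],
    )
    return conn

def mac_lookup(conn, mac, now):
    """Refresh accountExpired for this endpoint on every call, then return its attributes."""
    conn.execute(
        "UPDATE endpoints SET accountExpired = CASE"
        " WHEN expirationDate != 0 AND expirationDate <= ? THEN 'True'"
        " ELSE 'False' END WHERE macAddress = ?",
        (now, mac),
    )
    conn.commit()
    row = conn.execute(
        "SELECT psk, accountExpired FROM endpoints WHERE macAddress = ?", (mac,)
    ).fetchone()
    if row is None:
        return None                      # unknown endpoint: nothing to hand back
    return {"psk": row[0], "accountExpired": row[1]}

def authorize(attrs):
    """Hypothetical policy step: the flag, not the PSK, selects the access level."""
    if attrs is None:
        return "reject"
    if attrs["accountExpired"] == "True":
        return "restricted"              # still authenticates with the old PSK
    return "full"
```
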