05-22-2019 03:00 PM
We currently have a setup where guests access the WLAN using 802.11x Radius authentication. We are having multiple issues with users AD accounts getting locked out when their passwords need updating and a BYOD device that they have forgotten about attempts to connect with their old credentials. Im looking for a way of preventing this from happening. Maybe a captive portal staff members connect to initially which then sends them a password to their work email address to connect them to the network. Any ideas if this is possible? or a better idea?
05-24-2019 09:50 AM
Hi Dennis
We are using cloud based Aerohive NG. Ive just created an account and am looking through the documentation. What you are doing at your organisation sounds very interesting. Hopefully i can make sense of the information on the website.
Regards
05-23-2019 01:43 PM
What version of HiveManager are you using? Depending on the version you are using you could potentially make use of the Aerohive API. My organization has employee on-boarding/off-boarding automated and part of the process is to provision/de-provision accounts for BYOD. We also have an internal support portal where employees can go and do BYOD self-service. The API is super simple to use - just go to developer.aerohive.com and sign up for an account so you can get access to the documentation. NOTE: The API does NOT work for Hivemanager NG on-prem so you must either be using Classic with the online ID Manager or using HiveManager Select.
05-23-2019 01:25 PM
You could set up a self registration SSID, and instruct them to use their work email addresses, and then they'd get the password sent to their inbox. However, we can't limit the self registration CWP to a particular domain, so it would be possible for non-employees to also register via the self registration CWP.
05-23-2019 01:20 PM
05-23-2019 01:09 PM
We generally don't recommend Radius for BYOD, I might recommend a PPSK option instead. You can lock the PPSK credentials to certain MAC addresses, or a certain number of devices allowed to use the same PPSK credentials if you'd like.