
Credential Distribution Groups: Instead of Guest Management Role User, I wish to have staff users log in via AD, Active Directory User, so they can manage guests.


AnonymousM
Valued Contributor II

Instead of Guest Management Role User, I wish to have staff users log in via AD, Active Directory User, so they can manage guests. 

 

I have only used the Guest Management Role where individual Hivemanager accounts have been added.

The method in the help page is very brief:

https://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-employee-group.htm

 

Is there any step-by-step guide for adding an AD account, and using Groups from this to allow Staff Guest Managers to log in and add new guests to a Usergroup?

1 ACCEPTED SOLUTION

samantha_lynn
Esteemed Contributor III

We do have this feature in HiveManager (where users will login with their AD credentials to the HiveManager), but it is quite new and we are still working on documentation for it. As soon as we have more documentation I will be sure to update you.


20 REPLIES 20

AnonymousM
Valued Contributor II

Yep understand the SSID is either RADIUS or PPSK etc.

Staff are intended to use their RADIUS credentials to sign in their BYOD client devices - by self-registration. This should be easy with a CWP to external RADIUS.

 

Visitors are intended to be provided access by nominated staff. The nominated staff will sign in to Hivemanager as a Guest Manager (User tab) using their AD credentials (instead of HM guest login). These staff will belong to an AD Group that allows access to HM. It is not Visitor self-reg with employee approval by email notification.

Hopefully you are able to get the RADIUS log in to HM feature arranged - Geoff Mason mentioned it is possible in NG-VA, but not in NG-Cloud?

 

thanks.

 

 

samantha_lynn
Esteemed Contributor III

Hi Jason, I'm sorry for all the confusion with the Radius login feature, as you can see it's a bit of a work in progress. Once we get the feature fully functional and documented, if you still have issues with the feature we can work from there.

 

As for the set up you mentioned, it is not possible to have one SSID use both Radius and PPSK. We can do client classification to move certain users to different user profiles within the same SSID, but the SSID authentication method has to be one thing; Radius or PPSK or PSK or Open.

 

Also you mentioned "Staff for Self Registration", did you mean you want your staff to self register or that you want staff to approve self registration guest users?

 

Finally, when you mentioned "Visitors/Guests arranged by Permitted staff to provide access via Hivemanager to create PPSKs", that sounds like self registration for guests with employee approval. We can make Guest Manager users that can log in to HiveManager and only have access to the user tab to create new users, is that what you are looking for?

AnonymousM
Valued Contributor II
Hi Sam,

Unfortunately there is no option as you describe in their NG-VA 12.8.2.2 (latest version)
the Silhouette icon> Global Settings> RADIUS Configuration> Toggle to ON>

The only options in Global Settings are below:

[cid:image001.jpg@01D4979A.192BDDD0]

Also for Cloud hosted NG, there is no RADIUS option either.

Hopefully this is added soon as you mention.

Thanks
Jason

Jason Hills
Senior Engineering Consultant
Kordia Ltd | DDI. +6445505069 | M. +64212418563

AnonymousM
Valued Contributor II
Hi Sam,

Thanks for the update regarding the AD integration for Credential Groups – I do hope this can be made possible for our customer. This is the first customer to ask for this functionality. They currently operate on NG-VA 12.8.2.2

I would like to go over their overall requirement for BYOD, as it is quite unusual. What was a simple BYOD SSID for Staff and Guests looks to be gaining complexity!

They wish to have two User Profiles on a single SSID:

a) Staff for Self Registration

b) Visitors/Guests arranged by Permitted staff to provide access via Hivemanager to create PPSKs

I believe option b) above is simply tied to the AD Group allowing staff (in the AD Group) to login to HiveManager to create Guest accounts, when this feature is confirmed:
[cid:image004.jpg@01D4978E.69CCD9D0]


The details provided by AIA are taking shape as below:

[cid:image005.png@01D4978E.69CCD9D0]

The option a) could be a RADIUS SSID which reassigns the UserProfile based on Staff providing their RADIUS credentials, assigning Staff to the AIAStaff profile for their BYOD devices.

However, I’m not sure if it is possible, on the same SSID, to assign Visitors/Guests to authenticate via PPSK (or appropriate) to be assigned the AIAGuest profile.

On another hive, I have applied in Classic, the UserProfile re-assignment, where the default untrusted profile is from the RADIUS credentials (allows staff BYOD to join using their RADIUS), then if the machine is a domain device, they are upgraded to a trusted user profile by UserProfile classification. Perhaps this kind of concept can be applied so that only a single SSID is able to be used, however I see that classification by Domain name is not included in NG – like in Classic.

I will find out more about their scope. But in the meantime I wondered if you had any thoughts on limitations.

Thanks,
Jason

Jason Hills
Senior Engineering Consultant
Kordia Ltd | DDI. +6445505069 | M. +64212418563

samantha_lynn
Esteemed Contributor III

I don't have an update on the official documentation but I will check in for you and let you know. As far as the set up goes, it should be as simple as clicking on the Silhouette icon> Global Settings> RADIUS Configuration> Toggle to ON> Choose if you would like the HiveManager Admin Authentication Settings to use Radius and local (users can log in with AD credentials or the normal HiveManager made user credentials) or just Radius> Click on the plus icon to create a new Radius tie in> Fill in the Radius information (IP, Authentication type/port, accounting port, shared secret)> Add> Save.

 

That said, I don't think it's working properly at the moment, and I have no technical documentation to go off of yet. I'll let you know as soon as I hear back on the status of that technical documentation. I'm very sorry for the long wait here, but I sincerely appreciate your patience and your continued attention to this thread.
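The RADIUS entry described in the reply above asks for a server IP, authentication type and port, accounting port and shared secret. As an added example (not from this thread and not Aerohive code), the Python below shows what the shared secret does when PAP is the chosen authentication type, following RFC 2865 section 5.2: the staff member's AD password is only masked with MD5 of the secret and the request authenticator, so the secret's strength is what protects it on the wire. The PAP choice, the user name, the password and the secret are all constructed assumptions.

```python
import hashlib
import os
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, as a RADIUS client does for PAP."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # pad to 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()        # keyed only by the shared secret
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server, or anyone else holding the secret, computes."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(user: bytes, password: bytes, secret: bytes,
                         authenticator: bytes, ident: int = 1) -> bytes:
    """Access-Request (code 1) carrying User-Name (type 1) and User-Password (type 2)."""
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

if __name__ == "__main__":
    secret = b"constructed-shared-secret"          # constructed sample values
    ra = os.urandom(16)                            # fresh request authenticator
    pkt = build_access_request(b"staff.guestmgr", b"constructed-AD-password", secret, ra)
    print("packet on the wire:", pkt.hex())
    print("with the secret:   ", unhide_password(pkt[-32:], secret, ra))
    print("with a wrong one:  ", unhide_password(pkt[-32:], b"wrong-secret", ra))
```

Because recovery needs only the captured packet and the secret, the value entered in the shared secret field should be long and random and unique to this RADIUS client entry.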
