This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Legacy
- Aerohive Migrated Content
- Re: How can you get PPSK passwords from an externa...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How can you get PPSK passwords from an external source (e.g., RADIUS, LDAP, SQL)?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-25-2018 06:56 PM
I've set up PPSK SSIDs with local users, but would like to pull password dynamically from an external source. If I select "Use GuestManager for PSK validation" it gives me an option to select a RADIUS server and User Group. I've created a user in RADIUS that matches a local user in that group but that doesn't seem to work. Is this the right approach, or how can we add and update PPSK passwords without needing to push a new config?
Thanks.
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-01-2018 10:26 PM
Hi Dan,
IDM did use a RADSEC proxy, but the function it served was to authenticate PPSK credentials from AP to the external IDM server. That is the closest PPSK Authentication comes to using RADIUS.
Could you explain/screenshot where you are having trouble?
From what I observed in my lab instance of Classic On premise, at the SSID level, the authentication type we choose is mutually exclusive, in that it can only be one of the possible types. WPA2-PSK, WEP, PPSK, or RADIUS.
Additionally, once PPSK is selected, Local Users and Local User Groups are required.
From the PPSK documentation available on the community, I can not find anything that indicates using an external directory for PPSK Users/Groups.
https://thehivecommunity.aerohive.com/s/global-search/PPSK
Please advise if this was helpful, if you have further questions, or if there is anything I could do to assist.
Happy to help,
David
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-30-2018 08:15 PM
Classic on-premise.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-30-2018 08:00 PM
Are you using HiveManager Classic (myhive.aerohive.com) or HiveManager NG (cloud.aerohive.com)? I'm asking because the answer will change based on the type of HiveManager you are using.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-30-2018 06:41 PM
Hi, Sam,
Thanks for your answer. We already use radius for our employee accounts but want to have a PPSK network with changing passwords for other uses (such as mobile labs). I can change the password manually and push them to the APs, but there's a lot of documentation about using GuestManager to verify credentials from a RADIUS server as needed. We don't have or need the functionality of the GuestManager package to populate the RADIUS database, but still want to use the RADIUS PPSK option. The ultimate goal is to programmatically update PPSK passwords without having to push them to the APs, and we already are updating RADIUS and LDAP, so using one of those would be preferable.
Thanks,
-Dan
Thanks for your answer. We already use radius for our employee accounts but want to have a PPSK network with changing passwords for other uses (such as mobile labs). I can change the password manually and push them to the APs, but there's a lot of documentation about using GuestManager to verify credentials from a RADIUS server as needed. We don't have or need the functionality of the GuestManager package to populate the RADIUS database, but still want to use the RADIUS PPSK option. The ultimate goal is to programmatically update PPSK passwords without having to push them to the APs, and we already are updating RADIUS and LDAP, so using one of those would be preferable.
Thanks,
-Dan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-30-2018 05:13 PM
If you are using PPSK, then the users will be stored on the HiveManager, the AP, or the cloud (depending on a few different things like if you're using IDM, HiveManager Classic, HiveManager NG, etc). If you want to pull users from an external source, that would be a Radius set up. We can either set this up as a Radius server on an AP and link that to an external database you have set up (AD, LDAP, etc), or we can link to an existing Radius server that you have set up.
If you search in Hive Community for "Radius" and filter to only see articles, we have a few guides that can help you get this set up, or at least show you what is involved. If you have a specific set up in mind, I can help you through this post as well.
