Can you see what AD user was used to retrieve a PPSK in Self-Registration scenarios?

  • 1
  • Question
  • Updated 5 years ago
  • Answered
For a private school client of mine I setup a self-registration page that requires Active Directory Authentication. So when the student first comes in they go to the self-registration SSID which then redirects them to log into the self-registration CWP to retrieve their PPSK. They want this instead of WPA Ent because they want to limit the amount of devices each PPSK can use. I know that the PPSK server (one of the AP121's) is doing the job of creating the PPSK. So first question would be:

Does the PPSK server also create an account to bind to the PPSK?
Is there a way to see what Active Directory account was used to retrieve the PPSK?
Photo of Shane Walters

Shane Walters

  • 23 Posts
  • 2 Reply Likes

Posted 5 years ago

  • 1
Photo of Abby S

Abby S, Employee

  • 94 Posts
  • 47 Reply Likes
hi Shane, all of this is recorded in the syslogs on the AP doing the PPSK distribution, so a good way to see it is to collect the syslogs from the devices in a log server such as Splunk, Kiwi, or even HM on-premises can be enabled to collect syslogs :-).
Photo of Shane Walters

Shane Walters

  • 23 Posts
  • 2 Reply Likes
Ahhh OK - so no way to view this information via the HiveManager Online so that a person that has a general understanding of tech but not really in the I.T. department? The school would like to use PPSK via Self-Registration but be able to tell what user's are online with what devices.
Photo of Shane Walters

Shane Walters

  • 23 Posts
  • 2 Reply Likes
As a FYI - after testing using self-registration where you have to enter your active directory credentials to retrieve your PPSK then connect to the appropriate SSID it actually does show the active directory username in HMOL that was utilized in the self-registration process. This is very good news but not sure if my questions was vague or this is a somewhat new feature?
Photo of Shane Walters

Shane Walters

  • 23 Posts
  • 2 Reply Likes
To update further, while it shows the AD account in the live information the reporting does not show the AD account...only the local Aerohive account that is tied to that PPSK. Can someone please add this to a feature request? That is, logging of the AD account information so that it can be seen in the reporting?
Photo of Sarah Banks

Sarah Banks

  • 75 Posts
  • 4 Reply Likes
Hi Shane - I've received this feature request before, and I'll add you to the list :) Are you sure you're asking for the logging, or are you asking, as well, for a change in the way we handle the local account tied to the AD search?