Question about User Manager

  • 1
  • Question
  • Updated 4 years ago
  • Answered
Hello,

I need help of the best practice of user manager.
Actually, we use PPSK authentication for mobile devices.
When there is a new user, I create manually a new Preshared key , I add the new user group on the SSID and I push the new config on all the AP (320 and 330).
I would like to use user manager to  simplify the method.
Questions : if I create for example, 20  permanent automatic preshared key , and I select user manager for the SSID and push to the AP,  how user manager will work ?
- Do the AP request authentication to the Hive Manager (as Guest Manager) or it is local on the AP
- If I activate or disable an account on user manager  what happens ? Is it an automatic push from the HM to the AP ? What to do to disable an account if it is not the case ?

Thanks for your help

Dom
Photo of Dom

Dom

  • 23 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Dom, in answer to your questions:

If I create for example, 20 permanent automatic preshared keys , and I select user manager for the SSID and push to the AP,  how user manager will work ?

When you create a permanent PPSK it is stored in the user database.  This database is stored on HiveManager and you push it out to the access points.  Once it has been pushed out to the access points the wireless clients can authenticate to the access points, even if the HiveManager is offline.

Does the AP request authentication to the Hive Manager (as Guest Manager) or it is local on the AP?

It is local to the access point.

> If I activate or disable an account on user manager what happens?

When you activate a permanent PPSK through HiveManager every access point that the permanent PPSK is valid for gets an update from HiveManager with the permanent PPSK details.  From this point on the wireless client can authenticate with the permanent PPSK.  If an access point is offline from the HiveManager then it will not receive the permanent PPSK update, until it is online again, and wireless clients will not be able to authenticate using the permanent PPSK.

When you disable the permanent PPSK the same permanent PPSK update is sent out but this time it advises the access points to disable the permanent PPSK.

This all differs with temporary PPSKs as these do not require realtime updates from the HiveManager and are valid as soon as they are assigned to a wireless client.

You may find the following post useful - https://community.aerohive.com/aerohive/topics/private_psks_the_good_the_bad_and_the_ugly



(Edited)
Photo of Dom

Dom

  • 23 Posts
  • 0 Reply Likes
Hello Crowdie

Thanks for your answer.
For the permanent PPSK, I thought it was possible to disable but it is in fact only possible to delete (it is the same effect).
 I hope I have good understand: if I configured on 3 AP 330 a manual permanent account, and I active it (or delete) on user manager, the HM will send directly a message to all AP (without to do a manual upload) that have the user profile ( that use user manager) or only the AP that have the user group (in relation with the account on user manager) already pushed by the upload config ?
I have a doubt also if I create a local user group with user type : automatically generate private key with permanent  and after local users with the bulk options. I push on the 3 AP.
 Is it the same think ? Can I only with user manager activate or delete these users without to do upload (as a manual user group) ?


Thanks,


Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
When you are working with permanent PPSKs you can update the access points using the following methods:

1.  To activate one or more permanent PPSKs select the appropriate PPSKs in User Manager and click on the "Activate" button.  This will push the permanent PPSK details to each access point where the local user (PPSK) group has been assigned as an SSID authentication method.

2.  To activate all permanent PPSKs at the same time you update the user database in HiveManager.


(Edited)
Photo of Dom

Dom

  • 23 Posts
  • 0 Reply Likes
Thanks for your answer.
In fact, with permanent PPSK, I thought it was user that is always active
So the temporary account (where it is possible on the HM local user group to be active always , use once, ...) has no link to user manager if I good understand , it is only to distribute the temporary account to the user. It is not possible to deactive from user manager.
In difference with permanent account where a change automatic updates the Access point
I hope it is right :-)
Photo of Dom

Dom

  • 23 Posts
  • 0 Reply Likes
Sorry,  I had no read your interesting link https://community.aerohive.com/aerohive/topics/private_psks_the_good_the_bad_and_the_ugly.

It is better clear.now.
Thanks