self-registration and authentification portal with SSID WPA2.

  • 1
  • Question
  • Updated 1 year ago
  • (Edited)
I am currently looking for the documentation to setup an SSID using WPA2 pre-shared key in combinaison with self-registration and authentication CWP.

The end customer doesn't like the PPSK solution because it has multiple restrictions (I can detail them here but it is not my goal) and the self-reg + auth with radius seems to be the solution.

In the past I already setup authentification alone, however I wonder how it can works with the self-registration.

How the users are created on the active directory the radius server use?
Or is it only possible if the radius server is an access point that has write acess on the active directory domain?
Is the ID manager involved or is not needed?

Note: i use the classic hivemanager not the NG.

An example could be very usefull!
Thank you in advance,
Benjamin.
Photo of benjamin.jacobs

benjamin.jacobs

  • 3 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Rob Burgoyne

Rob Burgoyne

  • 19 Posts
  • 0 Reply Likes
As far as I understand and from my customer deployments the self-registration CWP only works for PPSK, and radius as service. The Radius as a service means that HMNG acts as the radius server. I believe that you may also be able to have an AP designated as a radius server but I'm not 100% sure about that piece.  If you have your own radius server adding/removing/editing users would need to be done there. 
Photo of Rob Burgoyne

Rob Burgoyne

  • 19 Posts
  • 0 Reply Likes
I just noticed that you are using classic HM, sorry my comment and experience are only with NG. 
Photo of benjamin.jacobs

benjamin.jacobs

  • 3 Posts
  • 0 Reply Likes
According to the documentation it should be supported.

Photo of benjamin.jacobs

benjamin.jacobs

  • 3 Posts
  • 0 Reply Likes
After running some tests I discovered that the self-reg and authentification CWP doesn't do what I was expecting.

I was expecting a user creation when the user registers himself. It is not the case.
The user get directly some access to a specific user profile (registration profile) and that's all.
The data entered by the users are not processed and can only be eventually (not sure) forwarded to some syslog server.

The authentification in the portal is made by a radius server that uses a database of users and if login succeed the user is map to an authentification profile.
(or a profile depending on attribute number returned by the radius)