Work as a charm, I was trying to modify the Guest Devices source attributes & SQL but your solution is very simple
Original Message:
Sent: Dec 22, 2020 04:35 AM
From: Herman Robers
Subject: MPSK - Return visitor_name as RADIUS UserName
Two options here. One is to return this attribute as the IETF:User-Name. You can do that with this enforcement profile:
Put the label of what you see in Access Tracker (GuestUser:Visitor Name) in the %{ } construction to get the value replaced during enforcement.
In your policy do something like this to prevent empty values to be returned:
I successfully tested this in my lab:
And Access Tracker:
Another option is to add the Endpoint Database as an Authorization source and pull additional attributes from there. By doing that you can combine information from the Guest Devices database and Endpoint database in one policy; but if all information is in the Guest Devices database, then there is no need to do this.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Dec 21, 2020 08:43 PM
From: Michael Lidgett
Subject: MPSK - Return visitor_name as RADIUS UserName
Hi Herman,
We do that currently for the standard guest workflow but as this is MPSK IOT devices and are created via operator access not a web form, it doesnt have the ability to write anything to the endpoint repository.
As part of creating a device we give it a name, if you then check the "show details" for the device i created you can see its stored the name as visitor_name
Show Details on created device account
and even when it authenticates now its has it in the computed attributes so its stored in a database but i just need the right source, query and attribute to pluck it out as i have no idea how to do that.
Computed Attribute:
I tried what the 2nd poster had mentioned but couldnt get it to work.
The info is there so there must be away to pull it out and send it back as the username like the original poster has asked.
------------------------------
Michael Lidgett
Original Message:
Sent: Dec 21, 2020 04:23 AM
From: Herman Robers
Subject: MPSK - Return visitor_name as RADIUS UserName
If you have the device name in the Guest Device Database or in the Endpoint Repository, check Access Tracker if you have a field that carries the name you want to return and return that in the enforcement as the IETF:User-Name attribute.
Example enforcement profile for the Endpoint database Hostname field:
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Dec 21, 2020 12:45 AM
From: Michael Lidgett
Subject: MPSK - Return visitor_name as RADIUS UserName
Hi
Did you manage to get this working? My customer's IT staff make the MPSK Device accounts for IOT devices and returning the device name is essential so it can be identified over the default of who created it.
Mike
------------------------------
Michael Lidgett
Original Message:
Sent: Feb 14, 2020 12:15 AM
From: Scott Doorey
Subject: MPSK - Return visitor_name as RADIUS UserName
Hi Florian,
thanks for your reply. Whilst i initially thought the same as you, it seems the way the database is constructed is slightly different for devices.
The MPSK workflow doesn't use the Guest Repository but rather the Device Repository. This new authentication source seems to have separate auth SQL search queries and visitor_name doesn't appear to be in the schema.
When i initially mapped the variable as you suggested it simply returned a null value. Trying to modify the search query resulted in a table not found error.
I also tried connecting via pgadmin to browse the table and found that visitor_name isn't part of that query. this is where my very basic knowledge of SQL / JSON falls apart!!
I've found this is similar to when you try to query endpoint records which are also stored in a different manner.
Scott