That is not how the feature is designed in ClearPass, so your mileage may vary.
Design is one unique key per device, and for IoT devices only, not for user devices which may suffer mac randomization and result in unexpected authentication failures.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Nov 12, 2022 09:48 PM
From: Ryan Higgins
Subject: MPSK per-user, Query Questions
I have a customer that likes the MPSK feature, but wants it where each user account (in cp:guest) has the sam PSK for each of their registered devices. I know how conceptually this should be implemented - send the PSK back that is configured for that account when the device MAC Auths - but I am having a heck of a time with the query. I have put in a new field for the Guest User Account - called user_mpsk - and am able to write it there fine.
How can I get the value from the Guest User Account, when I am mac-auth'ing against the Guest Devices database? I can find the sponsor_name for the device… but how do I call to Guest User when authorization doesn't pull the details for the User since it is the MAC of the device that is the user id?
Does this make sense?
I was trying to write a Filter Query under the Guest User Database to be able to pull the info out but my SQL skill is not good enough.
Alternatively, I could try to store a value for each endpoint that is their MPSK, as a post-auth endpoint update action. Then future auth requests would see that value. But that seems the wrong way about it.
How can I achieve this in a scalable way, with the value coming from CP:Guest User Account attributes?
Many thanks in advance!