we have configured a new SSID especially for Smartphones. Users who want to connect to this WLAN need to connect to our guest-SSID and go through the ZeroIT-Provisionning-Proccess.
Now we want that only AD-Users, which are in the appropriate AD-Group can connect via ZeroIT. So we have configured the AAA-Server and the AD-Group and everything works fine. Also we have removed the SSID from default role, since otherwise everyone could connect to the SSID.
Now my problem is that I sometimes need to create a Dynamic PSK for the SSID manually. As I could see, I cannot do this as soon as I remove the SSID from default role.
Is this a bug or a design thing? Has anyone an Idea how I could handle this?