I think so, yes.. need to test in a lab, but I can see where creating AD accounts for each phone will become a PITA.
... and just noticed... you create a username and password for each PHONE???
If you have any information as to how you provision that into the corresponding phones, it would sure be helpful...
I can provide a Perl script which can be modified to do this.
It looks for a physical Cert file (can be modified) and reads a CSV file containing all MAC addresses, for each of which it will then create an individual <mac>.cfg file and the relevant configuration for it.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Polycom Global Services
I ended up creating a powershell script to do all of the account creations.
When I provision phones, I pull the MACs from the DHCP lease list and then import them into an Excel file.
The powershell script reads these values and creates the AD account for each phone.
The script also creates the required <mac>.cfg and <mac-phone>.cfg files and inserts the correct MAC and AD information. The script creates a backup of these files into a folder named with the MAC address and also copies the 2 files into the root folder of the provisioning FTP server.
Then I reboot the phones and they pick up the new config files and I can deploy them on an 802.1x enabled port.
Fancy sharing this with the community?
Polycom Global Services
Let me write up some basic instructions for its use and sanitize it a bit and I'll try to post back later today.
I have enclosed a readme in the ZIP file.
You must have some basic knowledge of PowerShell. Required modules are listed on the first 2 lines of the PS script.
You must have knowledge of your AD environment with respect to the AD account creation section.
Understand what groups are required for each phone object within your AD environment.
Understand what group is required for RADIUS/NPS Authentication based on your RADIUS profiles.
The process reads values from a CSV file.
Generates a random 21-character password and writes this to the CSV.
Creates a folder based on the MAC address.
Creates a MAC-Address.cfg and MAC-Address-phone.cfg file.
MAC-Address-phone.cfg file has the device.net.dot1x.identity and device.net.dot1x.password appended.
Creates an AD user account based on the model of the phone, i.e. VVX 411 is VVX411_mac_address.
Assigns the password to the AD user account.
Assigns groups to the AD User Account.
Sets primary group to the AD User account.
Writes the .cfg file into the MAC address named folder and also into the root of the FTP provisioning server.
**Always work from the file in the MAC Address folder and copy to the root of the FTP server if changes are made manually to the files.**
I hope you can benefit from this script to make your provisioning a bit easier.
Modify as required to fit your environment.
One note: you should never use a filename such as <mac>-phone.cfg, as this is one the phone creates itself.
In addition I believe you missed the device.set="1"
This is what I have been using for the past few months for over 300 phones so far.
The process works 100% to create the required files, AD accounts, and assignment of group membership for each EAP-PEAP dotx client. User accounts and passwords are unique amongst the fleet of VVX phones.
My mac-address.cfg files also reference an additional config file to import the required Root Certificate onto the phone to satisfy the Root CERT + AD Username + AD Password requirement for EAP-PEAP against my RADIUS Server.
Doing something 300 times does not make it right.
An example from the UC Software 5.6.0 Admin Guide:
Do not use the following file names as your per-phone file name: <MACaddress>-phone.cfg, <MACaddress>-web.cfg, <MACaddress>-app.log, <MACaddress>-boot.log, or <MACaddress>-license.cfg. These file names are used by the phone to store overrides and logging
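
The file-generation step of the workflow discussed in this thread, with the two points raised in the replies applied (a per-phone file name that is not on the reserved list, and `device.set="1"`), as an added PowerShell example that is not the poster's script. The function names, the `-dot1x.cfg` suffix, the XML layout and the sample MAC are assumptions made for the example; AD account and group creation is left out.

```powershell
# Added example. Function names, the "-dot1x.cfg" suffix and the sample row are constructed.
# File names the phone writes itself, per the UC Software 5.6.0 Admin Guide excerpt above.
$ReservedSuffixes = '-phone.cfg', '-web.cfg', '-app.log', '-boot.log', '-license.cfg'
function New-PhonePassword {
    param([int]$Length = 21)
    # Alphanumeric only, so the value needs no XML escaping inside an attribute.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'
    $limit = 256 - (256 % $alphabet.Length)   # rejection sampling: no modulo bias
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $sb  = New-Object System.Text.StringBuilder
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length]) }
    }
    $rng.Dispose()
    $sb.ToString()
}

function Get-PhoneConfigName {
    param([Parameter(Mandatory)][string]$Mac, [string]$Suffix = '-dot1x.cfg')
    $m = ($Mac -replace '[^0-9A-Fa-f]', '').ToLower()
    if ($m.Length -ne 12) { throw "Not a MAC address: $Mac" }
    $name = "$m$Suffix"
    # Refuse any name that would collide with a file the phone owns.
    if ($ReservedSuffixes | Where-Object { $name.EndsWith($_, [StringComparison]::OrdinalIgnoreCase) }) {
        throw "$name is a file the phone writes itself; choose another suffix"
    }
    $name
}

function New-PhoneDot1xConfig {
    param([string]$Mac, [string]$Model, [string]$OutDir)
    $file     = Get-PhoneConfigName -Mac $Mac
    $identity = '{0}_{1}' -f ($Model -replace '\s', ''), $file.Substring(0, 12)
    $password = New-PhonePassword
    # Only the attributes named in the thread are written; the XML layout is an assumption.
    $xml = @"
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<polycomConfig>
  <device device.set="1" device.net.dot1x.identity="$identity" device.net.dot1x.password="$password" />
</polycomConfig>
"@
    Set-Content -Path (Join-Path $OutDir $file) -Value $xml -Encoding UTF8
    # AccountPassword is a SecureString, the form New-ADUser -AccountPassword expects.
    [pscustomobject]@{ File = $file; Identity = $identity; AccountPassword = (ConvertTo-SecureString $password -AsPlainText -Force) }
}
# Constructed sample row, as it might appear in the CSV of MAC addresses.
New-PhoneDot1xConfig -Mac '00:04:F2:AA:BB:CC' -Model 'VVX 411' -OutDir ([IO.Path]::GetTempPath())
```

Calling `Get-PhoneConfigName -Mac '00:04:F2:AA:BB:CC' -Suffix '-phone.cfg'` throws instead of returning a name, which is the check the file naming in the original script lacked.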