Skip to main content

A lot of different students use the laptops where I work and we have one set profile for them to use. The idea is that when the laptop logs on we can disassociate from the WiFi and also delete the password key that sits inside of the keychain access so each student can use their own WiFi username and password. I've managed to do this and I can do it manually through these commands:

#!/bin/bash

sleep 30

echo "sleep over"

sudo /usr/libexec/airportd en0 disassoc

sudo /usr/bin/security -v delete-generic-password -l networkalias

echo "disassociated"

First I give the computer about 30 seconds to reconnect to the wifi before disassociating and then I use the next command to delete the password that sits in keychain access. These commands work perfectly fine when I run each one manually, along with when I use "sudo jamf policy -event trigger" to force it for testing, but every time I let the command run itself on logon it disassociates but never deletes the password and lets you reconnect to the WiFi without typing in the new username and password. Any ideas on a fix for this?

When you are testing this. Are you using the same account to authenticate sudo that you are using for macOS? Anything JAMF does in the CLI space is done as root, not the logged in user. There could be a disconnect in that Root is running these commands and not the user.

I solved the issue and changed around the solution entirely. I used Jamf Composer to capture the image of me removing the preferred network from my WiFi list which simultaneously removes the password from the Keychain Access list. I made sure to do this on the student account that these laptops use as Composer specifies which user it had done such an action on. All that needs to be done after this is to disconnect from the WiFi and then it will prompt the user to reenter their credentials to which I wrote this simple script:

#!/bin/bash

sleep 5

sudo networksetup -setairportpower en0 off

sleep 2

sudo networksetup -setairportpower en0 on

Setting this all up on Jamf was the final step. I took the Composer image and made it into a DMG and put it in packages on Jamf along with making the script. Setting up the policy, I made it trigger on logon with the Execution Frequency set to Ongoing so we can check off the "Make Available Offline" feature. I set the script priority to run after as we want the WiFi to disconnect after having deleted the previous credentials. After testing numerous times with numerous WiFi credentials it works perfectly and each time you log onto the student account it asks you to reenter the WiFi credentials.

Reply


Terms & ConditionsCookie settings