
Hi guys



I am trying to block certain SSIDs.



I was wondering if someone can help me with a variable for all the SSIDs.



so far this works



#!/bin/sh

# Prevent Access to RLSPOT001
SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`

if [ "$SSID" = "RLSPOT001" ]; then
    /usr/sbin/networksetup -setairportpower en1 off
fi

# Prevent Access to RLAVID001
SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`

if [ "$SSID" = "RLAVID001" ]; then
    /usr/sbin/networksetup -setairportpower en1 off
fi

# Prevent Access to RLSHEE001
SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`

if [ "$SSID" = "RLSHEE001" ]; then
    /usr/sbin/networksetup -setairportpower en1 off
fi

# Prevent Access to RLGUES001
SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`

if [ "$SSID" = "RLGUES001" ]; then
    /usr/sbin/networksetup -setairportpower en1 off
fi

# Prevent Access to RLBGAS001
SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`

if [ "$SSID" = "RLBGAS001" ]; then
    /usr/sbin/networksetup -setairportpower en1 off
fi

# open networks control
# Prevent Access to BTFON
SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`

if [ "$SSID" = "BTFON" ]; then
    /usr/sbin/networksetup -setairportpower en1 off
fi


As you can see it makes my whole script very long.



I would appreciate it if someone might be able to help me create a variable for all of them.
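
Added example, not part of the original posts: one way to hold the blocked SSIDs from the script above in a single variable and test the current network against it. It goes slightly beyond that script by keeping SSIDs that contain spaces or colons intact (the `cut`/`tr` pipeline would alter them); the `en1` device name and the sample `airport -I` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): one blocklist instead of one block per SSID.
# One SSID per line; the names are the ones listed in the first post.
BLOCKED_SSIDS='RLSPOT001
RLAVID001
RLSHEE001
RLGUES001
RLBGAS001
BTFON'

AIRPORT=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport
WIFI_DEV=en1   # assumption: the device name used in the first post

# Read `airport -I` output on stdin and print the SSID exactly as reported.
# The pattern only allows whitespace before "SSID:", so the BSSID line never
# matches, and only the label is stripped, so spaces and colons survive.
current_ssid() {
    sed -n 's/^[[:space:]]*SSID: //p' | head -n 1
}

# Return 0 only if $1 is an exact, whole-line match for a blocklist entry.
# An empty SSID (not associated) is never treated as blocked.
is_blocked() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$BLOCKED_SSIDS" | grep -Fxq -- "$1"
}

# Constructed sample of `airport -I` output, for checking the parser offline.
SAMPLE_OUTPUT='     agrCtlRSSI: -52
          BSSID: 0:11:22:33:44:55
           SSID: RLGUES001
        channel: 11'

# Power Wi-Fi off when the joined network is on the blocklist.
enforce() {
    ssid=$("$AIRPORT" -I | current_ssid)
    if is_blocked "$ssid"; then
        /usr/sbin/networksetup -setairportpower "$WIFI_DEV" off
    fi
}

# Only act where the airport tool exists (i.e. on the managed Mac).
if [ -x "$AIRPORT" ]; then
    enforce
fi
```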

EDIT: :P


Wow, that's amazing! Not sure how to allow for Airport service name though.


Excuse my ignorance. How do I run this?



I tried networksetup -listnetworkserviceorder | /Library/Management/Scripts/test.awk


nah nah, just run it like a script. the first line (the "she-bang") tells the system which interpreter to use.



In this case, it's saying "use awk for what follows. it's located at /usr/local/bin/awk"




thought so



the first line confused me # run like...



unfortunately it's not working for me



line 5: BEGIN: command not found
line 9: syntax error near unexpected token `}'
line 9: `}'


EDIT: fixed


EDIT: shebang is fixed in the code above



@tkimpton oh crap!



I see the problem!



I have gawk installed on my machine and it is symlinked to /usr/local/bin/awk - default OS X awk is at /usr/bin/awk



Change the shebang to



#!/usr/bin/awk -f and it works. I will edit the above


EDIT: fixed


Updated to handle both Airport and AirPort. Tested on 10.6.8.



Created feature request for two backslashes here:



https://jamfnation.jamfsoftware.com/featureRequest.html?id=799


Thanks for looking at this



I will probably have to use the script then another to block my ssids I don't want them connected to.



I don't know how to add in there to set the dns to "empty" to get around the wireless dns caching bug and prevent apipa


Hey fella,



Have a look here: http://macmule.com/2011/09/09/how-to-turn-off-wireless-card/



Part of that script says how to clear DNS.


Hi Ben



Yeah sorry. I meant I don't know how to add it in to the awk script to make it workable for me. 😞


Hi Ryan



Is it possible you can email me the script? I'm having some problems understanding what to change to make it work.



Thanks


+1 for emailing the script if possible! :-)
I tried copying/pasting/adding the backslash but can't make it work
Thank you!


email?



post it here or to a pastebin site.



https://gist.github.com



learn to love source control.


Great idea! Can't wait to see this :)


Thanks Jared, I just got round to adding in your variables and this is what I am using now :)



#!/bin/bash
################################################################################################################################################
#
# HISTORY
#
# Version: 2.8
#
# - Created by Tim Kimpton on November 29th, 2012
# - Assisted by Jared Nichols and Mike from JAMFNATION to clean up and simplify the blocked ssid case statement and network interface variables
#
# Stops network bridging turning the relevant network interface off and on
#
################################################################################################################################################


# SETTING THE ENVIRONMENT VARIABLES

# Get the ethernet hardware port (ehwport)
ehwport=`networksetup -listallhardwareports | awk '/.Ethernet/,/Ethernet Address/' | awk 'NR==2' | cut -d " " -f 2`

# Get the wireless network service (wservice)
wservice=`/usr/sbin/networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)'`

# Get the wireless hardware port (whwport)
whwport=`networksetup -listallhardwareports | awk "/$wservice/,/Ethernet Address/" | awk 'NR==2' | cut -d " " -f 2`

# Find the ALL network hardware ports (hwports)
hwports=`networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2`

# Get the wireless network (wirelessnw)
wirelessnw=`networksetup -getairportnetwork $hwports | cut -d " " -f 4`

# Get the SSID
SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`

# Current Logged in User
consoleuser=`ls -l /dev/console | cut -d " " -f4`

# Carry out an OS version check
OS=`/usr/bin/defaults read /System/Library/CoreServices/SystemVersion ProductVersion | awk '{print substr($1,1,4)}'`

# Work SSID
WorkSSID=XXX

# Authentication to use eg WPA2 Enterprise
Auth=WPA2E

# Index for SSID
Index=0

# Check to see if the JSS is available and if yes, then submits the current IP
checkjss=`/usr/sbin/jamf checkJSSConnection -retry 0 | grep "The JSS is available"`

# Department allowed to bypass SSID restrictions
Dept=XXX

# SSIDs to Block
Block1=XXX

Block2=XXX

Block3=XXX

Block4=XXX

####################################################################################

# See if ethernet is active and if it is then we need to turn OFF the wireless interface!
if ifconfig "${ehwport}" | grep inet; then
/usr/sbin/networksetup -setairportpower $whwport off

# There is also a bug where wireless network interfaces are caching DNS and causes problems when switching networks, so we need to clear them!
/usr/sbin/networksetup -setdnsservers $wservice "empty"

# if Ethernet is not active then...
elif ifconfig "${ehwport}" | grep inactive; then

# Clear the DNS cache for the wireless network service
/usr/sbin/networksetup -setdnsservers $wservice "empty"

# Do not ask to join new networks
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport prefs joinmode=automatic joinmodefallback=donothing

# Set the preferred wireless network to WorkSSID
/usr/sbin/networksetup -addpreferredwirelessnetworkatindex $whwport $WorkSSID $Index $Auth

# Turn the wireless hardware port on
/usr/sbin/networksetup -setairportpower $whwport on
fi

# Prevent 169 IP Address problem for Work SSID
if [ "$SSID" = "$WorkSSID" ]; then
if ifconfig "${whwport}" | grep 169;
then

# If APIPA turn wireless hardware port off
/usr/sbin/networksetup -setairportpower $whwport off

# turn wireless hardware port on
/usr/sbin/networksetup -setairportpower $whwport on
fi
fi

# Get the wireless network (wirelessnw)
wirelessnw=`networksetup -getairportnetwork $hwports | cut -d " " -f 4`

# Block wireless networks
case $wirelessnw in
$Block1)
networksetup -setairportpower $whwport off
;;
esac

# If logged in user is in I.S allow access to SSIDs but block everyone else!
if
dscl . -read /Users/"${consoleuser}" | grep "$Dept"
then echo "$Dept Allowed!"
else

# Block the restricted wireless networks with a case statement below
case $wirelessnw in
$Block2|$Block3|$Block4)

# Turn off wifi
networksetup -setairportpower $whwport off

# Set the preferred wireless network to WorkSSID
/usr/sbin/networksetup -addpreferredwirelessnetworkatindex $whwport $WorkSSID $Index $Auth

# Remove Wireless networks
/usr/sbin/networksetup -removeallpreferredwirelessnetworks $whwport

;;
esac
fi

# Check to see if the jss is ping-able and if so submit the ip change to the jss.
# This is useful when using Casper Remote and users are switching between wired and wireless

if [ "$checkjss" == "The JSS is available." ]; then
/usr/sbin/jamf log
fi
exit 0

How do I deploy this in my network? I want to push this out on Casper, we have MANY staff members going to the Guest network instead of the "Staff" network. HELP!



I am new to Casper.


Sorry guys I turned off all email notifications and just come here when I have a few spare moments now.



https://github.com/rmanly/mac_management/blob/master/wifi_disabler.awk


@rmanly thanks I will have a look in the morning



@technicholas I used Lingon. Get this version, it's free, quick before it's gone



http://sourceforge.net/projects/lingon/files/



I used Lingon to create a launch daemon (these run as root) to run the script. I included a watch path if a system file changed. I think it was in /Library/Preferences/SystemConfiguration/xxx



I will have a look in the morning.



Anyway you will need to package them up and deploy, but TEST


@rmanly, many thanks!
I tried the script but I get this error
("MY_TEST_MAC" in the log below is the sharing name of the client)



/usr/sbin/jamf is version 8.62
Executing Policy DISABLE WiFi...
Mounting afp://Casper_Server/CasperShare to /Volumes/CasperShare...
Running script disable_WiFi.awk...
Script exit code: 2
Script result: /usr/bin/awk: can't open file MY_TEST_MAC
source line number 6
Unmounting file server...



If I run the script manually, it seems to hang and do nothing
Ciao
Carlo


One of the things I noticed after rebuilding the laptop was the "Ask to join new networks" in the Network Preference pane and in the Wi-Fi



Does anyone know how I can make sure this is disabled via a command so I can add it to the script?


That one is going to be tough as networksetup doesn't have an option for it. However, I found where the setting lives in the preference file if you're game to change it with a script. In /Library/Preferences/SystemConfiguration/preferences.plist you'll find a block like this:



<key>Interface</key>
<dict>
    <key>en0</key>
    <dict>
        <key>AirPort</key>
        <dict>
            <key>JoinModeFallback</key>
            <array>
                <string>Prompt</string>
            </array>
            <key>PowerEnabled</key>
            <false/>
            <key>RememberJoinedNetworks</key>
            <true/>
            <key>RequireAdminIBSS</key>
            <false/>
            <key>RequireAdminNetworkChange</key>
            <false/>
            <key>RequireAdminPowerToggle</key>
            <false/>
        </dict>
    </dict>
</dict>


That's the default. The key you want to change is JoinModeFallback and you'll want to change it to DoNothing like this:



<key>Interface</key>
<dict>
    <key>en0</key>
    <dict>
        <key>AirPort</key>
        <dict>
            <key>JoinModeFallback</key>
            <array>
                <string>DoNothing</string>
            </array>
            <key>PowerEnabled</key>
            <false/>
            <key>RememberJoinedNetworks</key>
            <true/>
            <key>RequireAdminIBSS</key>
            <false/>
            <key>RequireAdminNetworkChange</key>
            <false/>
            <key>RequireAdminPowerToggle</key>
            <false/>
        </dict>
    </dict>
</dict>


There's a number of ways to churn through the file with a script to change it, and if you're at the proper level of skill to do it (as mucking with this file directly is probably bad mojo if you don't know what you're doing) I'll leave you to it. Otherwise you may want to consider it a "nice to have."


try this



Off
sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport prefs joinmode=automatic joinmodefallback=donothing



On
sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport prefs joinmode=automatic joinmodefallback=prompt



Thanks Jared
;)