802.1x Wireless Configuration Self Service Plugin Public - Beta

acidprime
New Contributor III

external image link

I am working on an Open Source 802.1x wireless configuration script with a Cocoa Self Service plugin. If your currently using 802.1x wireless (default is PEAP) then this tool may be something you can beta test for me. If your interested in participating please do the following:

Its a Beta so things are still a little raw, so please read the README:

https://github.com/acidprime/WirelessConfig/blob/master/README

The compiled example is available in the downloads section:

https://github.com/acidprime/WirelessConfig/downloads

Please file all bugs using the public issues section for the project on github.com

Please put questions, installation issues, whatever , as you may help someone else

with your question.

https://github.com/acidprime/WirelessConfig/issues

Note: This does require a github account which is free.

The commit history is available as a atom feed, watch for updates.

https://github.com/acidprime/WirelessConfig/commits/master.atom

The final version will be posted on jamfnation after the BETA is over.

7 REPLIES 7

jhbush
Valued Contributor II

Zach, this looks great. Does this create a profile that shows up in the pref pane? Is there a place in this that allows certs to be trusted? Does this add the user credentials to the keychain. If so how does this play with FV2 not updating that password? Thanks for all of your work on this!!!

tlarkin
Honored Contributor

This looks awesome, keep us posted! I would love to test it, but I may not have any free time to do so.

acidprime
New Contributor III

@jhbush1973 yes this generates the profile, stores it temporally on disk and then imports it with the profiles command and deletes. In 10.6 and 10.5 manually writes the preference keys ( 10.6 "profiles" code is there but did not work as well so I just manually do it ). In all cases it manually creates the OS specific keychain format. In the case of 10.7 I found that installing a System profile did not cause auto connect to occur even though the credentials were embedded in the profile. User profiles worked but caused a password prompt, so I split the difference and manually create a com.apple.network.eap.user.item.wlan.ssid.newNetwork entry in the keychain.

Per your question on certs, not yet but it will in the Final release, just trying to decide the best way to store them as I may just have it loop through the bundle, but I really wanted to keep all the info in the settings plist, so I may have to make a settings generator that correctly encodes the DER or PEM as a NSData item in the plist.

Re: FV2, I guess the best way to put it , is this is a removal and addition tool, so it clears out old creds before it adds new ones when you have the SSID added in both the add and remove arrays

acidprime
New Contributor III

10.6 Bug Fix Update to Python Script:

https://github.com/acidprime/WirelessConfig/commit/be884c36d03d944f2bd31956bf8b62b31089efeb

joshuasee
Contributor III

Any further comment on how production ready this is given that it seems to be being maintained? Also, sorry to sound like an idiot, but what is the function of the mdmh key and does it need to be customized?

angeloj
New Contributor

Wow, Just what we needed.. Looks great. We run all mavericks here. Love hacking and will test. Does jamf know about this, time to wake them up.

franton
Valued Contributor III

It's good ... unless you have user authenticated 802.1X like we have. Then it's config profile only for that on Mavericks. Thanks Apple.