Help

Connect to Wifi using Identity via command line

sgoetz
Contributor

Posted on ‎10-27-2014 01:03 PM

Hey JAMF Users,

We use EAP-TLS to connect to our corp wifi network. Im trying to figure out how to connect to it via command line.

MDM Wifi Certs - pushes the SCEP cert to the device to be set as the identity. This command will set the identity security set-identity-preference -c $user -s com.apple.network.eap.user.identity.wlan.ssid.Earth

Now how do I establish the connection using that identity. I've tried:

networksetup -setairportnetwork en0 Earth

But that doesn't work as expected.

0 Kudos
5 REPLIES 5

jarednichols
Honored Contributor

Posted on ‎10-27-2014 01:12 PM

I did something similar at my last job. I'm not sure if the -c is good for you, but in my case I used something like:

# Find installed certificates with the smime (digital signature) flag
cert=`security find-identity -p smime | sed '/Policy/,/Valid identities only/ d' | cut -d " " -f 4`

# Set the identity preference for the Earth wifi network:
echo "Setting identity preference for Earth"
security set-identity-preference -s com.apple.network.eap.user.identity.wlan.ssid.Earth -Z $cert
0 Kudos

sgoetz
Contributor

Posted on ‎10-27-2014 02:11 PM

That will set the identity, but how do you do the acutal connection. Like if you went to the GUI click Earth. Click EAP-TLS select the identity. and click connect. But through command line. Or maybe Im just not understanding lol

0 Kudos

jarednichols
Honored Contributor

Posted on ‎10-27-2014 03:53 PM

Oh sorry, I just power cycled the Wi-Fi interface.

wifi=`networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2`
networksetup -setairportpower $wifi off
networksetup -setairportpower $wifi on
0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎10-27-2014 03:56 PM

Pretty sure this can be done in a single profile (we do this for out computer cert wireless).

Basically, the profile includes BOTH the cert request & the wi-fi payloads.

In the Wi-Fi payload, set your auth type & you should have an option for an "identity" or "certificate"

You should then be able to select the cert in your Certificate payload.

0 Kudos

GaToRAiD
Contributor II

Posted on ‎10-27-2014 05:47 PM

/url][/url">@bentoms][/url][/url, we have the same issue. I'm almost able to get it to work! Might need your assistance on it. Might post it to my "blog" *cough* [http://gatora1d.wordpress.com

I've been working on this one for a while, the issue is you can't do the identity through the payload. But for real guys, I'm almost able to get this to work, it's not something networksetup command line too is able to do. I'm having to use other means. Maybe and applescript to toggle the options, but I'm close.

*Edit: Almost done, having to write it in applescript so I can toggle the menu's accordingly....Should be done in the am.

0 Kudos