Skip to main content
Question

Connect to Wifi using Identity via command line


Forum|alt.badge.img+7

Hey JAMF Users,

We use EAP-TLS to connect to our corp wifi network. Im trying to figure out how to connect to it via command line.

MDM Wifi Certs - pushes the SCEP cert to the device to be set as the identity. This command will set the identity security set-identity-preference -c $user -s com.apple.network.eap.user.identity.wlan.ssid.Earth

Now how do I establish the connection using that identity. I've tried:

networksetup -setairportnetwork en0 Earth

But that doesn't work as expected.

5 replies

Forum|alt.badge.img+24
  • Valued Contributor
  • 1892 replies
  • October 27, 2014

I did something similar at my last job. I'm not sure if the -c is good for you, but in my case I used something like:

# Find installed certificates with the smime (digital signature) flag
cert=`security find-identity -p smime | sed '/Policy/,/Valid identities only/ d' | cut -d " " -f 4`

# Set the identity preference for the Earth wifi network:
echo "Setting identity preference for Earth"
security set-identity-preference -s com.apple.network.eap.user.identity.wlan.ssid.Earth -Z $cert

Forum|alt.badge.img+7
  • Author
  • Contributor
  • 97 replies
  • October 27, 2014

That will set the identity, but how do you do the acutal connection. Like if you went to the GUI click Earth. Click EAP-TLS select the identity. and click connect. But through command line. Or maybe Im just not understanding lol


Forum|alt.badge.img+24
  • Valued Contributor
  • 1892 replies
  • October 27, 2014

Oh sorry, I just power cycled the Wi-Fi interface.

wifi=`networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2`
networksetup -setairportpower $wifi off
networksetup -setairportpower $wifi on

bentoms
Forum|alt.badge.img+35
  • Legendary Contributor
  • 4331 replies
  • October 27, 2014

Pretty sure this can be done in a single profile (we do this for out computer cert wireless).

Basically, the profile includes BOTH the cert request & the wi-fi payloads.

In the Wi-Fi payload, set your auth type & you should have an option for an "identity" or "certificate"

You should then be able to select the cert in your Certificate payload.


Forum|alt.badge.img+9
  • Contributor
  • 116 replies
  • October 28, 2014

/url][/url">@bentoms][/url][/url, we have the same issue. I'm almost able to get it to work! Might need your assistance on it. Might post it to my "blog" *cough* [http://gatora1d.wordpress.com

I've been working on this one for a while, the issue is you can't do the identity through the payload. But for real guys, I'm almost able to get this to work, it's not something networksetup command line too is able to do. I'm having to use other means. Maybe and applescript to toggle the options, but I'm close.

*Edit: Almost done, having to write it in applescript so I can toggle the menu's accordingly....Should be done in the am.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings