Jamf Nation Community

You can use the script in the resource kit to disable the airport, but to do this immediately when the ethernet cable is active, and then undo this when it is disabled, you'll have to use kicker (for 10.4) or crankd (for 10.5, not sure if it works in 10.6).

crankd is available here (http://code.google.com/p/pymacadmin/)

You'll have to setup a policy to run on a specific trigger, and then have crankd call this trigger when the cable is plugged in. Then you'll have to cache a policy that runs when crankd is called when the cable is unplugged.

I haven't done this, but crankd does look useful for this type of dynamic scenario.

-Robert

To what end? Are they just trying to limit the ability of internet sharing?
What is the goal of the policy?

Maybe I should clarify a bit.

My network is HUGE, we have well over 300k machines. We are a combined company of many mergers. Several of the merged portions of the network still have infrastructure and addressing from the old companies. I have macs scattered all over the country on this network. Usually they are in pockets of marketing users, but we do have some machines that are in single mac locations.

On windoze, our security department has a utility that will disable wireless if it sees a wired connection on the machine. The user can re-enable wireless on the machine without admin rights as long as a wired connection is not connected. I have to duplicate this functionality. So, if a cable with an active ethernet connection gets plugged in, wireless needs to be turned off. No need to have it automatically switch back the other way. The users can re-enable on their own.

PAul

On Oct 22, 2009, at 3:43 PM, Thomas Larkin wrote:

Even easier, you can require admin rights to modify the Airport status, then your casper policy can control it

We use something similar. All of our computers are on the 10.0.0.0/8
subnet so I grep for 10. in ifconfig en0. If there's no 10.xxx.xxx.xxx IP
address on en0 then wireless gets shut off.

#!/bin/bash

/sbin/ifconfig en0|grep 'inet 10.'

if [ $? -eq 0 ]; then /usr/sbin/networksetup -setairportpower off
else echo "Leaving AirPort on."
fi

Thanks to everyone with their great ideas,

This is what I ended up doing. I did some research and found out that the /Library/Preferences/SystemConfiguration directory is modified every time there is a configuration change like enabling or disabling of a network interface. I created a user agent and had launchd watch the folder for changes.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.wf.wifiblocker</string>
<key>ProgramArguments</key>
<array>
<string>/private/etc/scripts/wifiBlocker</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Library/Preferences/SystemConfiguration</string>
</array>
</dict>
</plist>

I then modified the example script you sent over and had the script also look for airport to be active before making any actions.

#!/bin/bash

# Get airport status
wstatus=/usr/sbin/networksetup -getairportpower Airport | /usr/bin/awk '/Airport/ { print $4 }'

if [[ $wstatus == On ]]; then
#Get ethernet status
estatus=/usr/sbin/networksetup -getinfo Ethernet | /usr/bin/awk '/address/ { print $4 }'
if [[ $estatus != none ]]; then
#Disable ethernet
/usr/sbin/networksetup -setairportpower Airport off

#Notify user with growl
/usr/local/bin/growlnotify -s -a /Applications/Utilities/AirPort Utility.app -m "The airport wireless card has been disabled. To re-enable wireless networking, disconnect from the wired network." -t "Wired Network Detected"
exit 1
fi
fi

exit 0

I then threw in growl notification to let the user know the status of the airport. So far in my testing this has worked pretty well. I still need to make a modification to the script to do OS version detection for the networksetup utility. The syntax changed between 10.5 and 10.6 and I need to be able to support both OSs.

Paul Austin
End User Computing
Wells Fargo
704 427-0903

On Oct 22, 2009, at 4:39 PM, Thomas Larkin wrote:

OK, you would know your network better than any of us, and here is something I just whipped up. You can use it at your own risk, and I urge you to test test test test test test test and then test test test again before you deploy it.

#!/bin/bash

#get status of airport

estatus=/usr/sbin/networksetup -getinfo Ethernet | /usr/bin/awk '/address/ { print $4 }'

#now see check results with if then

if [[ $estatus == none ]]

then /bin/echo "computer is not on Ethernet"

exit 1

else /usr/sbin/networksetup -setairportpower off

exit 0

The script is in bold and red above. Test it out as I just whipped it up together really quick. It basically checks to to see if the Ethernet has an IP or not then does a command based on what it finds. I think this script needs some debugging though, but it can at least get you started.

-Tom

---

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org<mailto:tlarki at kckps.org>
blackberry: 913-449-7589
office: 913-627-0351
chown -R us /.base