Enforcing wifi connection

kbremner
New Contributor III

The idea behind the script is to check to see if a user connects to the Guest network. If they do, it disconnects them, configures the correct network and deletes the Guest from the priority list. This works okay. The problem is when the device is hardwired to the network via ethernet or thunderbolt to ethernet. Since they are still connected to a network, they talk to the JSS and the policy runs, so I'm trying to get the script to check if they have a hard connection and abort if they do.

#!/bin/bash

# VARIABLES

# Get the wireless network service (wservice)
wservice=`networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)'`
# Get the wireless hardware port (whwport)
whwport=`networksetup -listallhardwareports | awk "/$wservice/,/Ethernet Address/" | awk 'NR==2' | cut -d " " -f 2`
# Find the ALL network hardware ports (hwports)
hwports=`networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2`
# Get the wireless network (wirelessnw)
wirelessnw=`networksetup -getairportnetwork $hwports | cut -d " " -f 4`
# Get the SSID
SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`
# Get the Wi-Fi device name
wifiDevice=`networksetup -listallhardwareports | awk '/Wi-Fi/{getline; print $2}'`

# HARD CODED VALUES

# Work SSID
WorkSSID="Good Network"

# Authentication to use eg WPA2 Enterprise
Auth=WPA2

# Index for SSID
Index=0

# SCRIPT CONTENTS
# Set the preferred wireless network to WorkSSID
# (SSID is quoted because it contains a space)
networksetup -addpreferredwirelessnetworkatindex $whwport "$WorkSSID" $Index $Auth

# Turn the wireless hardware port on
networksetup -setairportpower $whwport on

# Get the wireless network (wirelessnw)
wirelessnw=`networksetup -getairportnetwork $hwports | cut -d " " -f 4`

# Block wireless networks

case $SSID in
"Guest")

# Add regular network settings and remove the guest network
networksetup -setairportnetwork $whwport "Good Network" "passcode"
networksetup -setairportpower $whwport off
networksetup -removepreferredwirelessnetwork $whwport "Guest"


# Display message to user to connect to regular wifi network
HEAD="Access Denied"
MSG="Connecting to  Guest is not authorized. Your WiFi settings have been updated."

# (path is quoted because "Application Support" contains a space)
"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType hud -heading "$HEAD" -description "$MSG" -button1 "Close" -lockHUD -icon /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/GenericNetworkIcon.icns

;;
esac

# Turn the wireless hardware port on
networksetup -setairportpower $whwport on

# fi   (unmatched in this listing; only needed once the "if" check described below is added above)

exit 0

This script works unless the device is hardwired to the network. I've been working on two workarounds. The first is to put the following code at the beginning of the Script Contents section.

if != ifconfig $wifiDevice | grep inet; #supposed to return if the wifi is NOT the active interface and exit the script if so
    then echo "Currently connected to Ethernet"
exit 0

else
    #If wifi is the active interface, the script continues on where it sets the preferred wireless network to "WorkSSID"

My issue here has been getting ifconfig to be "not wifi" so it will pick up any connection that isn't the wifi.

The second workaround I've been trying (mostly because I haven't figured out the former) is to assign the result of the ifconfig command to a variable and then compare that with the $wifiDevice variable like this.

wifiDevice=`networksetup -listallhardwareports | awk '/Wi-Fi/{getline; print $2}'`
activeWifi=ifconfig $wifiDevice | grep inet;

echo $wifiDevice
echo $activeWifi

So here, the first echo shows the device name for the wifi but the second is blank.

2 REPLIES

joshuasee
Contributor III

I didn't find a better solution for getting what is or isn't WiFi when I was writing my version of this script. For compiled languages there is likely an API you could consult, but not a script. As for $activeWifi, I don't check whether the prohibited WiFi network is in use or not since it is one institutional devices aren't supposed to be on, period. If you're joined to it you get nagged and eventually booted off, even if your network connection is via ethernet. Giving you a chance to make sure you have some other connection is why you get nagged before getting booted.

kbremner
New Contributor III

What I think would really help here would be to go a slightly different route. If I run this command to get the network port being actively used:

networksetup -listallhardwareports | grep -C1 $(route get default | grep interface | awk '{print $2}')

I get something like this for output:

Hardware Port: Ethernet
Device: en0
Ethernet Address: a8:60:b6:03:0a:97

How can I pull the device name, i.e. en0 and assign it to a variable?
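One way to do what the last post asks, as an added example that is not part of the original thread: take the device from the default route, look up its hardware port, and treat the connection as hardwired only when that port exists and is not Wi-Fi. The function names and the sample outputs are assumptions constructed for illustration; the parsers read command output on stdin so they can be checked without a Mac.

```shell
#!/bin/bash
# Constructed sample of `route get default` output (not captured from a real host).
SAMPLE_ROUTE='   route to: default
destination: default
    gateway: 192.0.2.1
  interface: en0
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>'

# Constructed sample of `networksetup -listallhardwareports` output.
SAMPLE_PORTS='
Hardware Port: Ethernet
Device: en0
Ethernet Address: 00:00:5e:00:53:01

Hardware Port: Wi-Fi
Device: en1
Ethernet Address: 00:00:5e:00:53:02
'

# Print the device that carries the default route (e.g. en0).
default_iface() { awk '$1 == "interface:" { print $2; exit }'; }

# Print the hardware port name for device $1 (e.g. "Ethernet" for en0).
# Prints nothing when the device is not a hardware port (e.g. a tunnel).
port_for_device() {
  awk -F': ' -v dev="$1" '/^Hardware Port: / { port = $2 }
                          /^Device: / && $2 == dev { print port; exit }'
}

# Succeed when the default route uses a hardware port other than Wi-Fi.
# $1 = `route get default` output, $2 = hardware port listing.
default_route_off_wifi() {
  active=$(printf '%s\n' "$1" | default_iface)
  port=$(printf '%s\n' "$2" | port_for_device "$active")
  case "$port" in
    ''|Wi-Fi|AirPort) return 1 ;;  # no route, no hardware port, or wireless
    *) return 0 ;;
  esac
}

# On a Mac, pass live output instead of the samples:
#   default_route_off_wifi "$(route get default)" "$(networksetup -listallhardwareports)"
if default_route_off_wifi "$SAMPLE_ROUTE" "$SAMPLE_PORTS"; then
  activeDevice=$(printf '%s\n' "$SAMPLE_ROUTE" | default_iface)
  echo "Default route is on $activeDevice; leaving Wi-Fi settings alone"
fi
```

A default route on a device with no hardware port, such as a tunnel interface, is deliberately not counted as hardwired, so the check does not skip enforcement just because the default route moved off the Wi-Fi device.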