Get 802.1x authentication status for Ethernet via script?

alexjdale
Valued Contributor III

Has anyone found a way to determine the 802.1x status via script? I'd like to know if the Ethernet adapter is currently authenticated, and with which 802.1x profile.

2 REPLIES

dan-snelson
Valued Contributor II

@alexjdale Not sure if it'll help, but we use the following script to disable it ...

#!/bin/sh
####################################################################################################
#
# ABOUT
#
#   802.1X Disable automatic connection
#
####################################################################################################
#
# HISTORY
#
#   Version 1.0, 18-Mar-2015, Dan K. Snelson
#   Version 1.1, 19-Mar-2015, Dan K. Snelson, with inspiration from:
#   http://web.mit.edu/cron/system/macathena/core/scripts/imaging/macathenize/temp/macathenize_060813
#
####################################################################################################
# Import logging functions
source /path/to/client-side/logging.sh
####################################################################################################

loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
loggedInUserHome=`/usr/bin/dscl . -read "/Users/$loggedInUser" | grep NFSHomeDirectory: | cut -c 19- | head -n 1`
hardwareUUID=`/usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice | grep IOPlatformUUID | awk '{ print $3 }' | sed 's/"//g'`

/bin/echo "`now` *** Disable 802.1X automatic connection ***" >> $logFile
/bin/echo "`now` Logged-in User: $loggedInUser" >> $logFile
/bin/echo "`now` Logged-in User Home: $loggedInUserHome" >> $logFile
/bin/echo "`now` Hardware UUID: $hardwareUUID" >> $logFile

# Per-host plist for this Mac. Test for this exact file rather than a glob,
# which breaks the test when more than one ByHost file matches.
eapolPlist="$loggedInUserHome/Library/Preferences/ByHost/com.apple.network.eapolcontrol.$hardwareUUID.plist"

if [ -e "$eapolPlist" ] ; then
    # Set fails when the key is absent, so fall back to adding it
    /usr/libexec/PlistBuddy -c "Set :EthernetAutoConnect false" "$eapolPlist" || /usr/libexec/PlistBuddy -c "Add :EthernetAutoConnect bool false" "$eapolPlist"
    /bin/echo "`now` eapolcontrol plist modified (802.1X autoconnect disabled)" >> "$logFile"
else
    # PlistBuddy creates the file when it does not exist
    /usr/libexec/PlistBuddy -c "Add :EthernetAutoConnect bool false" "$eapolPlist"
    /bin/echo "`now` eapolcontrol plist created (802.1X autoconnect disabled)" >> "$logFile"
fi

# Respawn cfprefsd to load new preferences
/usr/bin/killall cfprefsd


exit 0      ## Success
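
A read-only check to run after the script above, added here as an example and not part of dan-snelson's post: it reports, for each home directory, whether EthernetAutoConnect is explicitly false in the per-host eapolcontrol plist that the script modifies. The function names and the PLISTBUDDY override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: read-only audit of the EthernetAutoConnect
# key in the per-host eapolcontrol plist that the script above modifies.
# Function names and the PLISTBUDDY override are assumptions of this example.
PLISTBUDDY="${PLISTBUDDY:-/usr/libexec/PlistBuddy}"

# Same hardware UUID source as the script above (macOS only).
hardware_uuid() {
    /usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice |
        /usr/bin/awk -F'"' '/IOPlatformUUID/ { print $4 }'
}

# Print disabled | enabled | unset | missing for one plist.
# Returns 0 only when the key is explicitly false.
autoconnect_state() {
    if [ ! -f "$1" ]; then
        echo "missing"; return 1
    fi
    # PlistBuddy prints true/false for a bool and fails if the key is absent.
    if ! value=$("$PLISTBUDDY" -c "Print :EthernetAutoConnect" "$1" 2>/dev/null); then
        echo "unset"; return 1
    fi
    if [ "$value" = "false" ]; then
        echo "disabled"; return 0
    fi
    echo "enabled"; return 1
}

# Check every home directory under $1 (e.g. /Users) for hardware UUID $2.
# Prints "<home>: <state>" per home; returns 1 if any home is not "disabled".
audit_homes() {
    rc=0
    for home in "$1"/*; do
        [ -d "$home" ] || continue
        plist="$home/Library/Preferences/ByHost/com.apple.network.eapolcontrol.$2.plist"
        state=$(autoconnect_state "$plist") || rc=1
        echo "$home: $state"
    done
    return "$rc"
}

# Usage on a Mac, as root:  audit_homes /Users "$(hardware_uuid)"
```

This only confirms the autoconnect preference; it does not report whether the Ethernet adapter is currently authenticated, which is what the original question asks.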

jaharmi
Contributor

@alexjdale, I had asked AppleCare about this some time ago (Mavericks, maybe) and the only option appeared to be log scraping. I think it has been 1-3 years since that question, so something new may be available. I think I submitted a feature request for 802.1X status. If that hasn't been fulfilled since, it would be worth a feature request (with impact data).