Posted on 01-06-2017 10:45 AM
Has anyone found a way to determine the 802.1x status via script? I'd like to know if the Ethernet adapter is currently authenticated, and with which 802.1x profile.
Posted on 01-06-2017 11:49 AM
@alexjdale Not sure if it'll help, but we use the following script to disable it ...
#!/bin/sh
####################################################################################################
#
# ABOUT
#
# 802.1X Disable automatic connection
#
####################################################################################################
#
# HISTORY
#
# Version 1.0, 18-Mar-2015, Dan K. Snelson
# Version 1.1, 19-Mar-2015, Dan K. Snelson, with inspiration from:
# http://web.mit.edu/cron/system/macathena/core/scripts/imaging/macathenize/temp/macathenize_060813
#
####################################################################################################
# Import logging functions
source /path/to/client-side/logging.sh
####################################################################################################
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
loggedInUserHome=`/usr/bin/dscl . -read /Users/$loggedInUser | grep NFSHomeDirectory: | cut -c 19- | head -n 1`
hardwareUUID=`/usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice | grep IOPlatformUUID | awk {'print $3'} | sed 's/"//g'`
/bin/echo "`now` *** Disable 802.1X automatic connection ***" >> $logFile
/bin/echo "`now` Logged-in User: $loggedInUser" >> $logFile
/bin/echo "`now` Logged-in User Home: $loggedInUserHome" >> $logFile
/bin/echo "`now` Hardware UUID: $hardwareUUID" >> $logFile
if [ -e $loggedInUserHome/Library/Preferences/ByHost/com.apple.network.eapolcontrol.* ] ; then
/usr/libexec/PlistBuddy -c "Set :EthernetAutoConnect false" $loggedInUserHome/Library/Preferences/ByHost/com.apple.network.eapolcontrol.$hardwareUUID.plist
/bin/echo "`now` eapolcontrol plist modified (802.1X autoconnect disabled)" >> $logFile
else
/usr/libexec/PlistBuddy -c "Add :EthernetAutoConnect bool" $loggedInUserHome/Library/Preferences/ByHost/com.apple.network.eapolcontrol.$hardwareUUID.plist
/usr/libexec/PlistBuddy -c "Set :EthernetAutoConnect false" $loggedInUserHome/Library/Preferences/ByHost/com.apple.network.eapolcontrol.$hardwareUUID.plist
/bin/echo "`now` eapolcontrol plist created (802.1X autoconnect disabled)" >> $logFile
fi
# Respawn cfprefsd to load new preferences
/usr/bin/killall cfprefsd
exit 0 ## Success
exit 1 ## Failure
Posted on 02-28-2017 07:27 AM
@alexjdale, I had asked AppleCare about this some time ago (Mavericks, maybe) and the only option appeared to be log scraping. I think it has been 1-3 years since that question, so something new may be available. I think I submitted a feature request for 802.1X status. If that hasn't been fulfilled since, it would be worth a feature request (with impact data).