Skip to main content
Question

Get 802.1x authentication status for Ethernet via script?

A
Forum|alt.badge.img+17

Has anyone found a way to determine the 802.1x status via script? I'd like to know if the Ethernet adapter is currently authenticated, and with which 802.1x profile.

    2 replies

    dan-snelson
    Forum|alt.badge.img+28
    • dan-snelson
    • Honored Contributor
    • 627 replies
    • January 6, 2017

    @alexjdale Not sure if it'll help, but we use the following script to disable it ...

    #!/bin/sh
####################################################################################################
#
# ABOUT
#
#   802.1X Disable automatic connection
#
####################################################################################################
#
# HISTORY
#
#   Version 1.0, 18-Mar-2015, Dan K. Snelson
#   Version 1.1, 19-Mar-2015, Dan K. Snelson, with inspiration from:
#   http://web.mit.edu/cron/system/macathena/core/scripts/imaging/macathenize/temp/macathenize_060813
#
####################################################################################################
# Import logging functions
source /path/to/client-side/logging.sh
####################################################################################################

loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
loggedInUserHome=`/usr/bin/dscl . -read /Users/$loggedInUser | grep NFSHomeDirectory: | cut -c 19- | head -n 1`
hardwareUUID=`/usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice | grep IOPlatformUUID | awk {'print $3'} | sed 's/"//g'`

/bin/echo "`now` *** Disable 802.1X automatic connection ***" >> $logFile
/bin/echo "`now` Logged-in User: $loggedInUser" >> $logFile
/bin/echo "`now` Logged-in User Home: $loggedInUserHome" >> $logFile
/bin/echo "`now` Hardware UUID: $hardwareUUID" >> $logFile

if [ -e $loggedInUserHome/Library/Preferences/ByHost/com.apple.network.eapolcontrol.* ] ; then
    /usr/libexec/PlistBuddy -c "Set :EthernetAutoConnect false" $loggedInUserHome/Library/Preferences/ByHost/com.apple.network.eapolcontrol.$hardwareUUID.plist
    /bin/echo "`now` eapolcontrol plist modified (802.1X autoconnect disabled)" >> $logFile
else
    /usr/libexec/PlistBuddy -c "Add :EthernetAutoConnect bool" $loggedInUserHome/Library/Preferences/ByHost/com.apple.network.eapolcontrol.$hardwareUUID.plist
    /usr/libexec/PlistBuddy -c "Set :EthernetAutoConnect false" $loggedInUserHome/Library/Preferences/ByHost/com.apple.network.eapolcontrol.$hardwareUUID.plist
    /bin/echo "`now` eapolcontrol plist created (802.1X autoconnect disabled)" >> $logFile
fi

# Respawn cfprefsd to load new preferences
/usr/bin/killall cfprefsd


exit 0      ## Success
exit 1      ## Failure
    J
    Forum|alt.badge.img+9
    • jaharmi
    • Contributor
    • 48 replies
    • February 28, 2017

    @alexjdale, I had asked AppleCare about this some time ago (Mavericks, maybe) and the only option appeared to be log scraping. I think it has been 1-3 years since that question, so something new may be available. I think I submitted a feature request for 802.1X status. If that hasn't been fulfilled since, it would be worth a feature request (with impact data).

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings