Mac and TLS computer certificate

Cem,

Never done this, but I notice, as you've mentioned, networksetup has options for import and export of 8021x profiles! Have you tried creating the setup as you want and then using the export feature to see what the output is? There may be clues from an export!

As for `networksetup -getcomputername`.mycompany.com

`hostname` does all of this

Sean

Yeah I think writes the hostname in here
/Library/Preferences/SystemConfiguration/preferences.plist
PlistBuddy should do it. I am trying to figure it out. As its quite a long
text file.

Definitely nothing to do with the trust bit though.

I think I needed to add Airport off and on flags for the script to work.

But still puzzled about
/Library/Preferences/SystemConfiguration/preferences.plist file
manipulation. I have managed to add the UserName as below. But I don’t
know what this number is AEB3DFF3-3BB6-4D24-9A9F-33001ADEBAA4 (some UUID I
believe)

/usr/libexec/PlistBuddy
/Library/Preferences/SystemConfiguration/preferences.plist -c "delete
Sets:AEB3DFF3-3BB6-4D24-9A9F-33001ADEBAA4:Network:Interface:en1:EAPOL:UserN
ame string "host/networksetup -getcomputername.mycompany.com""

Regards

Cem

TYPO Suppose to be *add flag not *delete

Well I have now decided to print
/Library/Preferences/SystemConfiguration/preferences.plist as txt. Then
grab the info.
/usr/libexec/PlistBuddy
/Library/Preferences/SystemConfiguration/preferences.plist -c "print Sets"

/private/tmp/copy.preferences.plist.txt

And first few lines reads like this.

Dict { AEB3DFF3-3BB6-4D24-9A9F-33001ADEBAA4 = Dict { Network = Dict { Service = Dict {

I now want to grab the Unique ID: "AEB3DFF3-3BB6-4D24-9A9F-33001ADEBAA4"
on the second line which also has 4 spaces in front.
How can I achieve this by using grep or sed? Or maybe some other method?

Thanks

Cem

Cem

Try this

defaults read /Library/Preferences/SystemConfiguration/preferences | grep -A 1 "^ {4}Sets" | tail -1 | cut -d """ -f 2

Sean

Mate you are a star :)
Works perfectly
Thanks!

Hmmm. I would think that should have worked.
This is my postflight script with companyWifi.networkConnect package.
Only issue I am having is the ${UID} still not working. Creates 0 under
Sets instead of putting the info under the UID

/usr/libexec/PlistBuddy
/Library/Preferences/SystemConfiguration/preferences.plist -c "add
Sets:${UID}:Network:Interface:en1:EAPOL:UserName string
"host/${computername}.mycompany.com""

Any ideas?

Also the reason I am using `networksetup -getcomputername` is `hostname`
returns with .local prefix.

Here is the full script

#!/bin/sh
## postflight

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

computername=networksetup -getcomputername
UID:`defaults read /Library/Preferences/SystemConfiguration/preferences |
grep -A 1 "^ {4}Sets" | tail -1 | cut -d """ -f 2`

networksetup -import8021xProfiles AirPort
/private/tmp/companyWifi.networkConnect

/bin/sleep 3 #allow some time

networksetup -enablesystemprofile AirPort companyWifi

/bin/sleep 3 #allow some time

cp /Library/Preferences/SystemConfiguration/preferences.plist
/Library/Preferences/SystemConfiguration/preferences.plist_original_`date
+%M-%H-%m-%d-%y`

/usr/libexec/PlistBuddy
/Library/Preferences/SystemConfiguration/preferences.plist -c "add
Sets:${UID}:Network:Interface:en1:EAPOL:UserName string
"host/${computername}.mycompany.com""

networksetup -settlsidentityonsystemprofile AirPort
/${computername}.mycompany.com.pfx mypassword

/bin/sleep 3 #allow some time

exit 0 ## Success
exit 1 ## Failure

Cem

Basically all I am trying to achieve is to put the host/fqdn in to 802.1x
System Profile as attached screen grab
Is there smarter way of doing it? I want to do this without user
interaction.


scripting the creation of a per-client 'companyWifi.networkConnect' file
maybe the way to go?
Any suggestions regards command lines on how to add the host/fqdn into
UserName area while creating this?

You have two quotes after mycompany.com and a quotes before add and a quote before host! Is this right?

Sean

yes

ok I think I will be changing the strategy how to approach this. I think
manipulating the preferences.plist could be fatal. So I will edit the
'companyWifi.networkConnect' file instead. I will need to add the
following info into 'companyWifi.networkConnect' xml file. Line numbers
are 375 and 376. Also 5 tab keys or 20 space keys in front of each line.

<key>UserName</key> <string>host/fqdn</string>

you think this is doable?

or shall I look in to exporting the .networkConnect file individually per
Mac then import it back?

Promise I will share the outcome :)

Its all about using EAP-TLS & ACS and AD using Casper to set it up without
user interaction.

Cem

I've never used plistbuddy, but I don't believe this can be right.

Broken down, you have two quoted sections.

First:

"add
Sets:${UID}:Network:Interface:en1:EAPOL:UserName string
"

Second:

""

and in between these you have the following section not in quotes

host/${computername}.mycompany.com

I'm going to guess you were hoping that you had:

"host/${computername}.mycompany.com"

inside the other quotes, but you don't, it doesn't work like that! I'd try removing the quotes around the host line:

/usr/libexec/PlistBuddy
/Library/Preferences/SystemConfiguration/preferences.plist -c "add
Sets:${UID}:Network:Interface:en1:EAPOL:UserName string
host/${computername}.mycompany.com"

Sean

What is your goal with this script?

I have a script that sets a lot of those settings. It sets up a profile for a Login Window to use with wireless AD authentication. I'm including my script for reference. I know changes will need to be made, but hopefully it can guide you well enough.

----------------------------------
#!/bin/sh

# Define the plist files for easier reference...
EAPLoginWindow=/Library/Preferences/SystemConfiguration/preferences.plist

# Set up some variables...
wireless="WVU.Encrypted"
uuid=uuidgen
netuuid=uuidgen
setuuid=cat /Library/Preferences/SystemConfiguration/preferences.plist | grep /Sets/ | cut -c 16-51

# Delete the old settings
/usr/libexec/PlistBuddy -c "Delete :Sets:$setuuid:Network:Interface:en1:Airport" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Delete :Sets:$setuuid:Network:Interface:en1:EAPOL.LoginWindow" $EAPLoginWindow

# Configuring the Login Window settings...
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:Airport dict" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:Airport:PowerEnabled bool true" $EAPLoginWindow /usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:Airport:PreferredNetworks array" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:Airport:PreferredNetworks:0 dict" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:Airport:PreferredNetworks:0:SSID_STR string $wireless" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:Airport:PreferredNetworks:0:SecurityType string WPA2 Enterprise" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:Airport:PreferredNetworks:0:Unique Network ID string $netuuid" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:EAPOL.LoginWindow dict" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:EAPOL.LoginWindow:$uuid dict" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:EAPOL.LoginWindow:$uuid:EAPClientConfiguration dict" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:EAPOL.LoginWindow:$uuid:EAPClientConfiguration:AcceptEAPTypes array" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:EAPOL.LoginWindow:$uuid:EAPClientConfiguration:AcceptEAPTypes:0 integer 25" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:EAPOL.LoginWindow:$uuid:UniqueIdentifier string $uuid" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:EAPOL.LoginWindow:$uuid:UserDefinedName string $wireless" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:EAPOL.LoginWindow:$uuid:Wireless Network string $wireless" $EAPLoginWindow
/usr/libexec/PlistBuddy -c "Add :Sets:$setuuid:Network:Interface:en1:EAPOL.LoginWindow:$uuid:Wireless Security string WPA2 Enterprise" $EAPLoginWindow

/usr/libexec/airportd en1 prefs DisconnectOnLogout=Yes JoinMode=Automatic JoinModeFallback=Prompt RememberRecentNetworks=Yes RequireAdmin=Yes RequireAdminIBSS=Yes RequireAdminNetworkChange=No RequireAdminPowerToggle=Yes

/usr/sbin/networksetup -setairportpower airport on

# Add certificate to trusted list
security add-trusted-cert -d -r trustRoot -p eap -k "/Library/Keychains/System.keychain" "/private/var/tmp/cert.WVU.Encrypted.pem"

exit 0
----------------------------------

I can explain further if needed,
Scott

for Lion
https://jamfnation.jamfsoftware.com/discussion.html?id=4050