Skip to main content
Solved

need help with wifi script

Did this topic help you find an answer to your question?
Show first post

68 replies

R
Forum|alt.badge.img+12
  • rmanly
  • Contributor
  • 312 replies
  • September 14, 2012

EDIT: :P

T
Forum|alt.badge.img+21
  • tkimpton
  • Author
  • Honored Contributor
  • 970 replies
  • September 14, 2012

Wow thats amazing! Not sure how to allow for Airport service name though.

T
Forum|alt.badge.img+21
  • tkimpton
  • Author
  • Honored Contributor
  • 970 replies
  • September 14, 2012

excuse my ignorance. How do i run this?

i tried networksetup -listnetworkserviceorder | /Library/Management/Scripts/test.awk

J
Forum|alt.badge.img+24
  • jarednichols
  • Valued Contributor
  • 1892 replies
  • September 14, 2012

nah nah, just run it like a script. the first line (the "she-bang") tells the system which interpreter to use).

In this case, it's saying "use awk for what follows. it's located at /usr/local/bin/awk"

J
Forum|alt.badge.img+24
  • jarednichols
  • Valued Contributor
  • 1892 replies
  • September 14, 2012

nah nah, just run it like a script. the first line (the "she-bang") tells the system which interpreter to use).

In this case, it's saying "use awk for what follows. it's located at /usr/local/bin/awk"

T
Forum|alt.badge.img+21
  • tkimpton
  • Author
  • Honored Contributor
  • 970 replies
  • September 14, 2012

thought so

the first line confused me # run like...

unfortunately its not working for me

line 5: BEGIN: command not found
line 9: syntax error near unexpected token `}'
line 9: `}'

R
Forum|alt.badge.img+12
  • rmanly
  • Contributor
  • 312 replies
  • September 14, 2012

EDIT: fixed

R
Forum|alt.badge.img+12
  • rmanly
  • Contributor
  • 312 replies
  • September 14, 2012

EDIT: shebang is fixed in the code above

@tkimpton oh crap!

I see the problem!

I have gawk installed on my machine and it is symlinked to /usr/local/bin/awk - default OS X awk is at /usr/bin/awk

Change the shebang to

#!/usr/bin/awk -f and it works. I will edit the above

R
Forum|alt.badge.img+12
  • rmanly
  • Contributor
  • 312 replies
  • September 14, 2012

EDIT: fixed

R
Forum|alt.badge.img+12
  • rmanly
  • Contributor
  • 312 replies
  • September 14, 2012

Updated to handle both Airport and AirPort. Tested on 10.6.8.

Created feature request for two backslashes here:

https://jamfnation.jamfsoftware.com/featureRequest.html?id=799

T
Forum|alt.badge.img+21
  • tkimpton
  • Author
  • Honored Contributor
  • 970 replies
  • September 15, 2012

Thanks for looking at this

I will probably have to use the script then another to block my ssids I don't want them connected to.

I don't know how to add in there to set the dns to "empy" to get around the wirless dns caching bug and prevent apipa

bentoms
Forum|alt.badge.img+35
  • bentoms
  • Legendary Contributor
  • 4331 replies
  • September 15, 2012

Hey fella,

Have a look here: http://macmule.com/2011/09/09/how-to-turn-off-wireless-card/

Part of that script says how to clear DNS.

T
Forum|alt.badge.img+21
  • tkimpton
  • Author
  • Honored Contributor
  • 970 replies
  • September 15, 2012

Hi Ben

Yeah sorry. I meant I don't know how to add in in to the awk script to make it workable for me. :(

T
Forum|alt.badge.img+21
  • tkimpton
  • Author
  • Honored Contributor
  • 970 replies
  • September 18, 2012

Hi Ryan

Is it possible you can email me the script. Im having some problem understanding what to change to make it work.

Thanks

C
Forum|alt.badge.img+10
  • carlo_anselmi
  • Valued Contributor
  • 229 replies
  • September 18, 2012

+1 for emailing the script if possible! :-)
I tried copying/pasting/adding the backslash but can't make it work
Thank you!

R
Forum|alt.badge.img+13
  • rockpapergoat
  • Contributor
  • 427 replies
  • September 18, 2012

email?

post it here or to a pastebin site.

https://gist.github.com

learn to love source control.

T
Forum|alt.badge.img+21
  • tkimpton
  • Author
  • Honored Contributor
  • 970 replies
  • September 22, 2012

Great idea! Can't wait to see this :)

T
Forum|alt.badge.img+21
  • tkimpton
  • Author
  • Honored Contributor
  • 970 replies
  • Answer
  • September 25, 2012

Thanks Jared i just got round to adding in your variables and this is what i am using now :)

#!/bin/bash
################################################################################################################################################
#
# HISTORY
#
# Version: 2.8
#
# - Created by Tim Kimpton on November 29th, 2012
# - Assisted by Jared Nichols and Mike from JAMFNATION to clean up and simplify the blocked ssid case statement and network interface variables
#
# Stops network bridging turning the relevant network interface off and on
#
################################################################################################################################################


# SETTING THE ENVIRONMENT VARIABLES

# Get the ethernet hardware port (ehwport)
ehwport=`networksetup -listallhardwareports | awk '/.Ethernet/,/Ethernet Address/' | awk 'NR==2' | cut -d " " -f 2`

# Get the wireless network service (wservice)
wservice=`/usr/sbin/networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)'`

# Get the wireless hardware port (whwport)
whwport=`networksetup -listallhardwareports | awk "/$wservice/,/Ethernet Address/" | awk 'NR==2' | cut -d " " -f 2`

# Find the ALL network hardware ports (hwports)
hwports=`networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2`

# Get the wireless network (wirelessnw)
wirelessnw=`networksetup -getairportnetwork $hwports | cut -d " " -f 4`

# Get the SSID
SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I
| grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`

# Current Logged in User
consoleuser=`ls -l /dev/console | cut -d " " -f4`

# Carry out an OS version check
OS=`/usr/bin/defaults read /System/Library/CoreServices/SystemVersion ProductVersion | awk '{print substr($1,1,4)}'`

# Work SSID
WorkSSID=XXX

# Authentication to use eg WPA2 Enterprise
Auth=WPA2E

# Index for SSID
Index=0

# Check to see if the JSS is available and if yes, then submits the current IP
checkjss=`/usr/sbin/jamf checkJSSConnection -retry 0 | grep "The JSS is available"`

# Department allowed to bypass SSID restrictions
Dept=XXX

# SSIDs to Block
Block1=XXX

Block2=XXX

Block3=XXX

Block4=XXX

####################################################################################

# See if ethernet if active and if it is then we need to turn OFF the wirelesss interface!
if ifconfig "${ehwport}" | grep inet; then
/usr/sbin/networksetup -setairportpower $whwport off

# There is also a bug where wireless network interfaces are caching DNS and causes problems when switching networks, so we need to clear them!
/usr/sbin/networksetup -setdnsservers $wservice "empty"

# if Ethernet is not active then...
elif ifconfig "${ehwport}" | grep inactive; then

# Clear the DNS cache for the wireless network service
/usr/sbin/networksetup -setdnsservers $wservice "empty"

# Do not ask to join new networks
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport prefs joinmode=automatic joinmodefallback=donothing

# Set the preferred wireless network to WorkSSID
/usr/sbin/networksetup -addpreferredwirelessnetworkatindex $whwport $WorkSSID $Index $Auth

# Turn the wirless hardware port on
/usr/sbin/networksetup -setairportpower $whwport on
fi

# Prevent 169 IP Address problem for  Work SSID
if [ $SSID = $WorkSSID ]; then
if ifconfig "${whwport}" | grep 169;
then

# If APIPA turn wireless hardware port off
/usr/sbin/networksetup -setairportpower $whwport off

# turn wireless hardware port on
/usr/sbin/networksetup -setairportpower $whwport on
fi
fi

# Get the wireless network (wirelessnw)
wirelessnw=`networksetup -getairportnetwork $hwports | cut -d " " -f 4`

# Block  wireless networks
case $wirelessnw in
$Block1)
networksetup -setairportpower $whwport off
;;
esac

# If logged in user is in I.S allow access to SSIDs but block everyone else!
if
dscl . -read /Users/"${consoleuser}" | grep "$Dept"
then echo "$Dept Allowed!"
else

# Block the restricted wireless networks with a case statement below
case $wirelessnw in
$Block2|$Block3|$Block4)

# Turn off wifi
networksetup -setairportpower $whwport off

# Set the preferred wireless network to WorkSSID
/usr/sbin/networksetup -addpreferredwirelessnetworkatindex $whwport $WorkSSID $Index $AuthE

# Remove Wireless networks
/usr/sbin/networksetup -removeallpreferredwirelessnetworks $whwport

;;
esac
fi

# Check to see it the jss is ping-able and if so submit the ip change to the jss. 
# This is useful when using Casper Remote and users are switching between wired and wireless

if [ "$checkjss" == "The JSS is available." ]; then
/usr/sbin/jamf log
fi
exit 0
T
Forum|alt.badge.img+8
  • technicholas
  • Contributor
  • 44 replies
  • October 10, 2012

How do I deploy this in my network? I want to push this out on Casper, we have MANY staff members going to the Guest network instead of the "Staff" network. HELP!

I am new to Casper.

R
Forum|alt.badge.img+12
  • rmanly
  • Contributor
  • 312 replies
  • October 11, 2012

Sorry guys I turned off all email notifications and just come here when I have a few spare moments now.

https://github.com/rmanly/mac_management/blob/master/wifi_disabler.awk

T
Forum|alt.badge.img+21
  • tkimpton
  • Author
  • Honored Contributor
  • 970 replies
  • October 11, 2012

@rmanly thanks I will have a look in the morning

@technicholas I used Lingon get this version it's free quick before its gone

http://sourceforge.net/projects/lingon/files/

I used Lingon to create a launch daemon (these run as root) to run the script. I included a watch path if a system file changed I think it was in /Library/Preferences/SystemConfiguration/xxx

I will have a look in the morning.

Anyway you will need to package them up and deploy, but TEST

C
Forum|alt.badge.img+10
  • carlo_anselmi
  • Valued Contributor
  • 229 replies
  • October 12, 2012

@rmanly, many thanks!
I tried the script but I get this error
("MY_TEST_MAC" in th elog below is the sharing name of the client)

/usr/sbin/jamf is version 8.62
Executing Policy DISABLE WiFi...
Mounting afp://Casper_Server/CasperShare to /Volumes/CasperShare...
Running script disable_WiFi.awk...
Script exit code: 2
Script result: /usr/bin/awk: can't open file MY_TEST_MAC source line number 6
Unmounting file server...

If I run the script manually, it seems to hang and do nothing
Ciao
Carlo

T
Forum|alt.badge.img+21
  • tkimpton
  • Author
  • Honored Contributor
  • 970 replies
  • November 13, 2012

One of the things i noticed after rebuilding the laptop was the "Ask to join new networks" in the Network Preference pane and in the Wi-Fi

does anyone know how i can make sure this is disabled via a command so i can add it to the script?

J
Forum|alt.badge.img+24
  • jarednichols
  • Valued Contributor
  • 1892 replies
  • November 29, 2012

That one is going to be tough as networksetup doesn't have an option for it. However, I found where the setting lives in the preference file if you're game to change it with a script. In /Library/Preferences/SystemConfiguration/preferences.plist you'll find a block like this:

<key>Interface</key>
                <dict>
                    <key>en0</key>
                    <dict>
                        <key>AirPort</key>
                        <dict>
                            <key>JoinModeFallback</key>
                            <array>
                                <string>Prompt</string>
                            </array>
                            <key>PowerEnabled</key>
                            <false/>
                            <key>RememberJoinedNetworks</key>
                            <true/>
                            <key>RequireAdminIBSS</key>
                            <false/>
                            <key>RequireAdminNetworkChange</key>
                            <false/>
                            <key>RequireAdminPowerToggle</key>
                            <false/>
                        </dict>
                    </dict>
                </dict>

That's the default. The key you want to change is JoinModeFallback and you'll want to change it to DoNothing like this:

<key>Interface</key>
                <dict>
                    <key>en0</key>
                    <dict>
                        <key>AirPort</key>
                        <dict>
                            <key>JoinModeFallback</key>
                            <array>
                                <string>DoNothing</string>
                            </array>
                            <key>PowerEnabled</key>
                            <false/>
                            <key>RememberJoinedNetworks</key>
                            <true/>
                            <key>RequireAdminIBSS</key>
                            <false/>
                            <key>RequireAdminNetworkChange</key>
                            <false/>
                            <key>RequireAdminPowerToggle</key>
                            <false/>
                        </dict>
                    </dict>
                </dict>

There's a number of ways to churn through the file with a script to change it, and if you're at the proper level of skill to do it (as mucking with this file directly is probably bad mojo if you don't know what you're doing) I'll leave you to it. Otherwise you may want to consider it a "nice to have."

T
Forum|alt.badge.img+21
  • tkimpton
  • Author
  • Honored Contributor
  • 970 replies
  • November 29, 2012

try this

Off
sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport prefs joinmode=automatic joinmodefallback=donothing

On
sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport prefs joinmode=automatic joinmodefallback=prompt

Thanks Jared
;)

Reply


Most helpful members this week

Terms & ConditionsCookie settingsAccessibility statement

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings