Posted on 12-03-2013 05:05 PM
Hey Guys,
I'm having a few issues getting this working.
What I want to do is trigger a script to log users into our proxy server automatically when they plug into the LAN.
e.g. a user goes to a meeting with a laptop on Wi-Fi, comes back to the office and plugs into the network, and when they do, the script is triggered.
e.g. a user turns up at work in the morning and the PC is locked (sleep); they plug it in and unlock the machine, and the script is triggered.
I have created a policy and limited it to only the subnet I want it to run on and only to MacBook devices, with the trigger network state change, but it never seems to trigger.
Even making it available offline, it still doesn't trigger.
Any ideas what I am doing wrong, or is this even possible?
Posted on 12-03-2013 10:39 PM
@tijones, why not use a PAC file to define your proxy?
If the URL you give for your PAC is only internally resolvable, when out of the office the clients will attempt to use the PAC but quickly give up & then go direct.
We do that & use the below to set it: http://macmule.com/2011/09/09/how-to-change-the-automatic-proxy-configuration-url-in-system-preferen...
Posted on 12-04-2013 10:49 AM
Like Ben said, if you can, use a PAC file to accomplish this. If a PAC file isn't a possibility, consider using a launchd with a watch path of /Library/Preferences/SystemConfiguration. That's what we do: the launchd's script is triggered when SystemConfiguration changes, which will happen whenever the network state changes. The script looks at what SSID the Mac is connected to on Wi-Fi, and changes locations to either turn the proxy on or off as needed. It's been working very well for us, and might be simpler to set up and test than trying to use the network state change trigger, since everything needed to turn the proxy on or off is local to the machine . . . no JSS communication necessary.
Posted on 12-04-2013 01:06 PM
Yeah, I can't use a PAC file; it's not really what I'm trying to accomplish.
I just need to echo out
echo "IP="$IPADDR",""PERSON="$TheUser,"ACTION=ONLINE"
if you plug in the LAN cable.
Would a launchd under SystemConfiguration do this on 10.9?
I have an every 15 min trigger to do echo "IP="$IPADDR",""PERSON="$TheUser,"ACTION=PING"
and a login trigger to do echo "IP="$IPADDR",""PERSON="$TheUser,"ACTION=ONLINE"
But I also need to trigger ONLINE on wake from sleep / unlock and on plugging in the network cable.
Posted on 12-04-2013 01:10 PM
It should, but test, test, test. Our requirements were for proxy settings, so a little different emphasis than your situation. But afaik, using the system configuration watch path should get you what you need. We are using this under 10.9 with no changes from 10.8.
Posted on 12-04-2013 01:13 PM
@tijones wrote:
Would a launchd under SystemConfiguration do this on 10.9?
Yes, and in fact more reliably under Mavericks than in 10.8. Mountain Lion had some odd issues where processes would trigger the preference.plist file inside /Library/Preferences/SystemConfiguration/ to get modified nearly constantly. This in turn would cause any LaunchDaemon/Agents that used that folder as a WatchPath to get re-triggered all the time. We have a launchd that uses that WatchPath and had to modify our script to force a 10 second sleep to prevent the Console System log from being filled up with launchd throttle errors. (Launchd jobs can only run at max once every 10 seconds or the OS throttles them and writes that into the log file.)
Fortunately from what I can see, 10.9 fixes this issue. So only on a network change, like plugging in a cable or connecting to a Wi-Fi SSID, connecting to VPN, etc. does anything in that folder get modified, which in turn will trigger any launchd job watching that directory.
Posted on 12-04-2013 01:16 PM
Yep, we did see occasional throttling messages in 10.8 from that launchd. I haven't seen them in my 10.9 testing, but I don't have a large enough sample size on that to say for sure it's fixed. Good to hear it has been!!
Posted on 12-04-2013 03:09 PM
Ok so I have got this far,
IPADDR=`/sbin/ifconfig -u | /usr/bin/grep -i "inet "|/usr/bin/grep "156"| /usr/bin/cut -d" " -f2`
# Match the 156.62. prefix literally at the start of an address.
if grep -q '^156\.62\.' <<<"$IPADDR"; then
    sudo jamf policy -event internetautologin
fi
How do I create a launchd to run on change of network state? I see how the casper one start interval 900,
All this because I can't get the Casper network state changes to work.
Posted on 12-04-2013 03:14 PM
Well, you'll need a standard launchd plist. The keys you'll need to include are ProgramArguments (that'll be the path to your script) and WatchPaths, which is the path that launchctl will watch for changes and use as the trigger. That'll be the /Library/Preferences/SystemConfiguration path we talked about earlier.
Launchd documentation from Apple is here:
https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/Cre...
If anyone else has better tutorials, post links!
Posted on 12-04-2013 04:24 PM
I recommend using an app like LaunchControl to create the launchd. Although it's certainly possible to craft them manually, and some people do, I've run into too many issues with making them that way. OS X is very picky about launchd plists. If they aren't exactly the way it expects them to be, it will skip over them.
LaunchControl - https://jamfnation.jamfsoftware.com/viewProduct.html?id=246&view=info
Also keep in mind that LaunchDaemons, from /Library/LaunchDaemons/, run as root, but any LaunchAgents, like in /Library/LaunchAgents/ or ~/Library/LaunchAgents/, run as the user, so they won't run commands as root. Since your script calls a policy with the jamf binary, you'll need to have it designed as a Daemon, not an Agent.
Lastly, I would drop the sudo from the final script since it won't be needed in that instance.
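The plist described in the posts above (ProgramArguments plus a WatchPaths entry, installed as a LaunchDaemon so it runs as root), as an added example that is not code from any poster. The label, the script path and both function names are placeholders; because the job runs as root, the second function checks that neither the plist nor the script it points at is writable by group or others.

```shell
#!/bin/bash
# Added example, not from the thread. Label, paths and function names are
# placeholders chosen for illustration.

# Write a LaunchDaemon plist that runs SCRIPT whenever the watched path changes.
write_daemon_plist() {   # usage: write_daemon_plist LABEL SCRIPT OUTFILE
    cat > "$3" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>$1</string>
    <key>ProgramArguments</key>
    <array>
        <string>$2</string>
    </array>
    <key>WatchPaths</key>
    <array>
        <string>/Library/Preferences/SystemConfiguration</string>
    </array>
</dict>
</plist>
EOF
}

# A LaunchDaemon runs as root, so a plist or script that another account can
# edit lets that account run commands as root on the next network change.
# Prints every path writable by group or others; returns 1 if there is one.
check_not_writable() {   # usage: check_not_writable PATH...
    bad=$(find "$@" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" >&2
    return 1
}

# On the Mac, as root, after writing the plist into /Library/LaunchDaemons/:
#   chown root:wheel PLIST SCRIPT; chmod 644 PLIST; chmod 755 SCRIPT
#   check_not_writable PLIST SCRIPT && launchctl load PLIST
```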
Posted on 12-04-2013 05:39 PM
One of the smart cookies here also discovered that the "Checking for policies triggered by "networkStateChange"..." is only triggered by Wi-Fi connections, not by LAN, which I need.
Posted on 12-06-2013 09:18 AM
What we use is based on the WiFi Location Changer project https://github.com/rimar/wifi-location-changer, which was based on Mac OS X LocationChanger http://tech.inhelsinki.nl/locationchanger/. Both pages have the script and example launchdaemons for download.
Like Nick said, our LocationChanger launchdaemon watches for changes in /Library/Preferences/SystemConfiguration. There were some initial issues with looping since the LocationChanger script was triggered by changes to preferences in the SystemConfiguration folder, and was itself writing changes back to that folder, persistently triggering the launchd, and that was resolved with a simple "sleep 10" at the beginning of the script. After that, all looping of the script and throttling of the launchdaemons was stopped, and our logs have been quiet for about a year now.
Edit: If you have different IP's for WiFi vs wired, you could pick that up with the script, and the tech.inhelsinki version as an example of that process.
A version of our LocationChanger is below, and hopefully it still makes sense after all the sanitation of network location names and names of cities where our offices are located. We have the standard "Automatic" location and four different network locations in OS X to point our Macs to different proxies, depending on their geo, or "Automatic" for no proxy, if they're off our network.
#!/bin/bash
## This script automatically changes the network location based on the current SSID.
## Matt Bauer, Nick Kalister - 2012, 2013 - Source script from github.com/rimar/wifi-location-changer.
# Uncomment below to redirect all output to /dev/null for troubleshooting or testing.
# exec 1>/dev/null 2>/dev/null
# Waiting 10 seconds to let the network connections sort themselves out before executing script.
# This also keeps the launchdaemon from being throttled as a result of infinitely looping.
sleep 10
AirPortPower=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep -e AirPort: | cut -d ':' -f 2 | tr -d ' '`
AirPortOff=Off
SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`
WorkSSID=CorporateWifiSSID
LocationCheck=`networksetup -getcurrentlocation`
# Each check is non-empty only if an interface has an address in that subnet.
# The dots are escaped so that they match literally.
CityCheck1=`ifconfig | grep "inet 10\.1\.2\."`
CityCheck2=`ifconfig | grep "inet 10\.1\.3\."`
CityCheck3=`ifconfig | grep "inet 10\.1\.4\."`
CityCheck4=`ifconfig | grep "inet 10\.1\.5\."`
# Determine current location and whether it's a corporate location or not.
# The names tested here must be the same location names passed to scselect below.
if [ "$LocationCheck" == "Corp Location 1" ] || [ "$LocationCheck" == "Corp Location 2" ] || [ "$LocationCheck" == "Corp Location 3" ] || [ "$LocationCheck" == "Corp Location 4" ]; then
    Location=WorkLocation
else
    Location=OtherLocation
fi
# Check current IP and determine whether it's one of those city's IP addresses or not.
if [ -n "$CityCheck1" ] || [ -n "$CityCheck2" ] || [ -n "$CityCheck3" ] || [ -n "$CityCheck4" ]; then
    CurrentIP=CityIP
else
    CurrentIP=OtherIP
fi
# Check AirPort power and connection status.
if [ "$AirPortPower" == "$AirPortOff" ]; then
    exit 0
elif [ "$SSID" == "" ]; then
    exit 0
fi
# Check to see if the SSID and network location settings are already accurate.
if [[ "$SSID" == "$WorkSSID" && "$Location" == "WorkLocation" ]]; then
    sleep 5
    /usr/sbin/jamf log
    exit 0
elif [[ "$SSID" != "$WorkSSID" && "$Location" != "WorkLocation" ]]; then
    exit 0
fi
# Change network location and set to an APAC location if the IP address matches one of the Chinese HDS IP addresses.
if [[ "$SSID" == "$WorkSSID" && "$CurrentIP" != "CityIP" ]]; then
    scselect "Work Location 1"
    sleep 5
    /usr/sbin/jamf log
elif [[ "$SSID" == "$WorkSSID" && "$CurrentIP" == "CityIP" ]]; then
    scselect "Work Location 2"
    sleep 5
    /usr/sbin/jamf log
else
    scselect Automatic
fi
exit
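A way to keep a WatchPaths job from acting on every change in the SystemConfiguration folder, as an added example that is not part of any post in this thread: the script records the last state it saw and fires a policy only when the wired address appears or disappears. The 156.62. prefix, the event names and the jamf path are taken from the posts here; STATE_FILE and the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not from the thread: edge-triggered body for a WatchPaths job.
# PREFIX and the event names come from the posts; STATE_FILE is hypothetical.

PREFIX="156.62."
STATE_FILE="${STATE_FILE:-/var/run/proxy-netstate}"

# Read ifconfig output on stdin and print "online" if any interface has an
# IPv4 address starting with PREFIX, else "offline". The prefix is compared as
# a literal string from the first character, so 10.156.62.9 does not match.
net_state() {
    awk -v p="$PREFIX" '
        $1 == "inet" && index($2, p) == 1 { found = 1 }
        END { print (found ? "online" : "offline") }'
}

# Compare the new state with the one stored in STATE_FILE. Print the policy
# event to fire on a change, and print nothing when the state is unchanged
# (repeated triggers, or a trigger caused by the script's own activity).
transition() {
    new_state="$1"
    old_state="offline"
    [ -f "$STATE_FILE" ] && old_state=$(cat "$STATE_FILE")
    [ "$new_state" = "$old_state" ] && return 0
    printf '%s\n' "$new_state" > "$STATE_FILE"
    case "$new_state" in
        online)  echo internetautologin ;;
        offline) echo internetautologout ;;
    esac
}

# Body of the daemon: runs only on a machine that has the jamf binary.
if [ -x /usr/sbin/jamf ]; then
    event=$(transition "$(/sbin/ifconfig -u | net_state)")
    if [ -n "$event" ]; then
        /usr/sbin/jamf policy -event "$event"
    fi
fi
```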
Posted on 12-08-2013 01:40 PM
Hey, thanks for the help guys, but I really just wanted to trigger on the change, so I did this. It seems to work OK for me.
# Follow the system log and fire a policy when the 156.62 address is added (+) or removed (-).
tail -f /private/var/log/system.log | while read -r LINE
do
    if [ `echo "$LINE" | grep -c "+:156.62"` -gt 0 ]
    then
        jamf -policy -trigger internetautologin
    fi
    if [ `echo "$LINE" | grep -c -- "-:156.62"` -gt 0 ]
    then
        jamf -policy -trigger internetautologout
    fi
done
Cheers
Posted on 01-06-2014 03:08 PM
Based on some initial testing here, the networkstatechange trigger seems very inconsistent. I'm trying to script a network location change and proxy setup when new interfaces are connected. launchd might be the better way to go for now...
Posted on 01-13-2014 01:26 PM
Is anyone having issues with the launchdaemon watching /Library/Preferences/SystemConfiguration triggering whenever the jamfagent is checking in for policies?