Posted on 08-29-2019 02:25 AM
I'm in the process of trying to roll out NoMAD. One of the features I want to use is for NoMAD to be synced to an 802.1x WiFi keychain entry.
Because normally this keychain entry isn't created until a user logs in for the first time, I want the entry to be automatically created via the script if it doesn't already exist.
The line I am using is -
sudo -u $netname security add-generic-password -a $netname -D "802.1X Password" -l Workstations-Wifi -s com.apple.network.eap.user.item.wlan.ssid.Workstations-Wifi -T /System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient
and I am getting -
security: SecKeychainItemCreateFromContent (<default>): Write permissions error.
Does anyone have any idea what I may need to do here? Any help would be appreciated!
Posted on 08-29-2019 07:59 AM
Try this. Make any necessary adjustments.
#!/bin/bash
LOGGED_IN_USER=$(stat -f%Su /dev/console)
LOGGED_IN_UID=$(id -u "$LOGGED_IN_USER")
netname=""  # use whatever you already have here
/bin/launchctl asuser "$LOGGED_IN_UID" sudo -iu "$LOGGED_IN_USER" /usr/bin/security add-generic-password -a "$netname" -D "802.1X Password" -l Workstations-Wifi -s com.apple.network.eap.user.item.wlan.ssid.Workstations-Wifi -T /System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient
Posted on 08-30-2019 03:52 AM
@mm2270 Thanks, I tried that but am still getting "security: SecKeychainItemCreateFromContent (<default>): Write permissions error."
Any idea? I assume maybe because I need to unlock the user's login keychain first before I can save anything to it.
Is it possible to do this?
Cheers!
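One way to script the "create it only if it doesn't already exist" step from the first post, using the run-as-console-user wrapper from the reply. This is an added example, not code from any poster in the thread; the function names, the `SECURITY_BIN` override and the `--apply` argument are assumptions, and it does not address the write permissions error itself.

```bash
#!/bin/bash
# Added example: create the 802.1X keychain item only if it is missing.
# Function names, SECURITY_BIN and --apply are assumptions of this example.
SECURITY_BIN="${SECURITY_BIN:-/usr/bin/security}"
SSID="Workstations-Wifi"
SERVICE="com.apple.network.eap.user.item.wlan.ssid.${SSID}"
EAPOL="/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"

# Run "$@" as <user>. From root this goes through the user's launchd
# session, as in the reply above; if we already are that user, run directly.
run_as_user() {
    local user="$1"; shift
    if [ "$(id -un 2>/dev/null)" = "$user" ]; then
        "$@"
    else
        /bin/launchctl asuser "$(id -u "$user")" sudo -iu "$user" "$@"
    fi
}

# Prints exists | created | failed. Returns non-zero only on "failed".
ensure_eap_item() {   # usage: ensure_eap_item <user> <802.1X account>
    local user="$1" account="$2"
    if run_as_user "$user" "$SECURITY_BIN" find-generic-password \
            -a "$account" -s "$SERVICE" >/dev/null 2>&1; then
        echo "exists"; return 0
    fi
    # stderr is left alone so security's own error text reaches the policy log.
    if run_as_user "$user" "$SECURITY_BIN" add-generic-password \
            -a "$account" -D "802.1X Password" -l "$SSID" -s "$SERVICE" \
            -T "$EAPOL" >/dev/null; then
        echo "created"; return 0
    fi
    echo "failed"; return 1
}

# Policy entry point: ./script --apply <802.1X account>
if [ "${1:-}" = "--apply" ]; then
    console_user=$(stat -f%Su /dev/console)
    # At the login window the console owner is root: no user to act for.
    if [ -z "$console_user" ] || [ "$console_user" = "root" ]; then
        echo "no console user; skipping" >&2; exit 0
    fi
    ensure_eap_item "$console_user" "$2"
fi
```

Running it a second time prints `exists` and makes no further write, so it can sit in a recurring policy.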