Posted on 03-13-2014 08:57 AM
The majority of our machines are running 10.7 or higher so we use Configuration Profiles to set the SSID for Wi-Fi. This works pretty well; however, sometimes machines will drop their profiles for no obvious reason and can only be re-established by plugging into ethernet and running a Recon. Not sure if it's possible but it would be nice to implement and cache a script in LaunchDaemons that checks for an active Wi-Fi connection, say, once a minute and, if it's not active, re-connects it to the proper SSID. Any ideas on how to do this?
Posted on 03-13-2014 11:01 AM
Step 1, check out rtrouton's script for handling this:
https://github.com/rtrouton/rtrouton_scripts/blob/master/rtrouton_scripts/setting_preferred_wireless_networks/setting_preferred_wireless_network.sh
Step 2, write a launch daemon, similar to below, that calls on your script. Be sure to:
a) chown root:wheel /Library/LaunchDaemons/org.companyname.poll_wi-fi.plist
b) chmod 644 /Library/LaunchDaemons/org.companyname.poll_wi-fi.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.companyname.poll_wi-fi</string>
    <key>LimitLoadToSessionType</key>
    <string>Aqua</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Path/to/Script/script_to_poll_wi-fi.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
I haven't done this... but it sounds like the logic is there.
I guess taking a step back though I would ask if there is any other way to get the configuration profile to stop dropping? Are you behind a proxy or some sort of web filter that is interrupting communication with the APNs?
Instead of plugging into en0 can you run a sudo jamf mdm command (if v8) or a sudo jamf manage and get the cert to come back to the client? That's obviously a much easier script / command. Throw a -verbose flag on the manage... what is it saying?
Does a sudo jamf enroll -prompt bring the cert back?
Just thoughts... apologies if not relevant.
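One way the script called by the launch daemon in step 2 could be written, as an added example that is not from this thread or from rtrouton's script. The SSID value and the `poll_wi-fi` log tag are placeholders; it assumes the 10.7+ `networksetup` output wording and that the join works without a password argument.

```shell
#!/bin/sh
# Added example: check the Wi-Fi association and rejoin the expected SSID.
# Meant to be run as root by a LaunchDaemon, so keep the file root-owned and
# not group/world-writable, the same as the plist.
SSID="ExampleCorpWiFi"   # placeholder (assumption), replace with your SSID

# Print the BSD device (e.g. en1) of the Wi-Fi hardware port, given the text
# produced by `networksetup -listallhardwareports`. Prints nothing if absent.
wifi_device() {
    printf '%s\n' "$1" | awk '
        /^Hardware Port: Wi-Fi$/ { found = 1; next }
        found && /^Device: /     { print $2; exit }'
}

# Classify the text produced by `networksetup -getairportnetwork <dev>`.
#   ok    = associated with the expected SSID ($2)
#   wrong = associated with some other SSID
#   down  = not associated, or Wi-Fi power is off
wifi_state() {
    case "$1" in
        "Current Wi-Fi Network: $2") echo ok ;;
        "Current Wi-Fi Network: "*)  echo wrong ;;
        *)                           echo down ;;
    esac
}

main() {
    dev=$(wifi_device "$(networksetup -listallhardwareports)")
    if [ -z "$dev" ]; then
        logger -t poll_wi-fi "no Wi-Fi hardware port found"
        return 1
    fi
    state=$(wifi_state "$(networksetup -getairportnetwork "$dev")" "$SSID")
    [ "$state" = ok ] && return 0
    logger -t poll_wi-fi "state=$state on $dev, rejoining $SSID"
    networksetup -setairportpower "$dev" on
    # Assumption: the join succeeds without a password argument (open network
    # or credentials already stored). networksetup accepts a password as a
    # third argument, but one embedded here would sit in a readable file and
    # in the process list of a root job.
    networksetup -setairportnetwork "$dev" "$SSID" 2>&1 | logger -t poll_wi-fi
}

# Only act where networksetup exists (macOS); elsewhere the functions above
# can still be sourced and exercised on captured output.
if command -v networksetup >/dev/null 2>&1; then main; fi
```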
Posted on 03-13-2014 11:53 AM
Cool, looks like a good script to start from. Does setting a preferred network try to connect to said network as well? These machines are still going to have the network listed in preferred but you can't reconnect at the login window and these are all network users so with no connection, no login. We have to log in as either local admin (on site) or plug into ethernet to log in remotely with ARD.
Would any of the jamf commands even work w/o an active connection?
As for why, not sure. No proxy and these machines are already behind the firewall. The machine maintains the MDM enrollment profile but any other profile gets dropped. This is not widespread, maybe 5-10 per week (out of 750 client machines). But it is annoying enough that a new trouble ticket has to be submitted and a student does not have that computer to log in to at that time. I can test some of the commands with the verbose flag when I'm back in the office.
Lastly, trying to understand the plist, the sessiontype of aqua means it would only run when a user is logged in? I would change that to loginwindow as that is where the main issue lies. At the loginwindow, would it only run once or can it be set to run, say, every 300 seconds?
Posted on 03-14-2014 12:31 PM
I made a script a couple of years ago that tried to do something similar to what you are describing. It might point you in the right direction anyway: