Script to set preferred wifi--works from Remote but not Self Service

stevehahn
Contributor

I've written a script that removes our corporate WiFi network and then re-adds it as the top preferred network.

When I run the script on a client through Casper Remote, it works as expected.

When I run it as a policy through Self Service, I get asked to allow networksetup (the binary that is doing the work in the script) to access the keychain item for the WiFi network. Any help? The script is below.

#!/bin/bash

# Script to set the preferred WiFi SSID and/or remove an unwanted SSID

# $4 is the SSID you want to make the preferred network.
# $5 is the SSID you want to remove from the list of preferred networks
# These variables are passed in by Casper--set them in Casper Remote or in policy settings, depending on how you're deploying the script

# Look up the Wi-Fi device name once, up front: both steps below need it,
# including the delete step when no preferred SSID ($4) is passed in
wifi=$(networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2)

# Set the SSID specified in $4 as the preferred network by removing it and re-adding it
if [ -z "$4" ]
then
    echo "No preferred SSID has been passed into the script, skipping this step..."
else
    echo "Setting $4 as the preferred WiFi network..."
    /usr/sbin/networksetup -removepreferredwirelessnetwork $wifi $4
    /usr/sbin/networksetup -addpreferredwirelessnetworkatindex $wifi $4 0 WPA2E NONE
fi

# Delete the SSID specified in $5

if [ -z "$5" ]
then
    echo "No SSID is set to be deleted"
else
    ssidToDelete=$(networksetup -listpreferredwirelessnetworks $wifi | grep "$5")
    if [ -z "$ssidToDelete" ]
    then
        echo "$5 isn't set up on this computer"
    else
        /usr/sbin/networksetup -removepreferredwirelessnetwork $wifi $ssidToDelete
    fi
fi

stevehahn
Contributor

Hmm... maybe no one saw this since I posted late last night? Hoping the day shift has some insights...

nessts
Valued Contributor II

My guess is that you need to use the security command to unlock the system keychain, but just a guess.

mm2270
Legendary Contributor III

@stevehahn Since you're using networksetup multiple times in the script, do you have any indication where in the script it's getting stopped with the authentication request? Can you add some echo lines throughout or have the script send stdout and stderr to a log file somewhere so you can see that?

I've done some similar things with networksetup recently in scripts and can't say I've had the issue of it needing admin credentials as long as the script is running as root or with sudo.

stevehahn
Contributor

I added this to the script right before it adds the preferred network back in:

security unlock-keychain -u /Library/Keychains/System.keychain

No luck. :(

stevehahn
Contributor

external image link

The dialog suggests to me that maybe it's not the System keychain it's after, maybe the user's keychain...?

stevehahn
Contributor

@mm2270 Yes, I've run the script locally and it's getting stopped here:

/usr/sbin/networksetup -addpreferredwirelessnetworkatindex $wifi $4 0 WPA2E NONE

So the only time I don't get the error is when deploying through remote; if I run the script locally or through Self Service I get the access request.

mm2270
Legendary Contributor III

Are there any spaces in the network name? I see the $4 is not quoted in your command. Maybe it's getting tripped up because of a space or other character in it that would benefit from being enclosed in quotes?

Edit: Never mind the comment on the index position. I may have been thinking of something else.

Also, since you said it works from Remote as is, just not from SS, etc., it's likely not the quotes issue.

Nix4Life
Valued Contributor

Hey guys;

Does this work better than a mobile config, or in conjunction with a mobile config?

LS

QualityThyme
New Contributor

Hey, I was trying to script out the same type of sequence to just install a network. Did you ever find a fix for this issue?
@stevehahn

mahughe
Contributor

I'm having the same issue when run locally and the post image script errors out not setting the Wi-Fi on 10.9.4.

Snickasaurus
Contributor

Bringing life back into an old thread, was a fix ever found for this?