WEP, WPA, keychain, security

tlarkin
Honored Contributor

Soooooooo

Another project on my road map is to migrate everything to WPA. Of course I need to test this out, and am looking to push out a package via Casper that will migrate clients from the existing wireless encryption to a new one, and probably a whole new SSID. I have been researching it, and it seems that the security Unix command can be used to add, modify, etc. keychains in the system.

I found some AppleScripts that do it as well, but they run in the GUI, are interactive and can be interrupted by the end user. Something I am not really keen on using.

What are the methods you people used with Casper and pushing this sort of stuff out? I have been playing around with networksetup and security binary scripts to add the network settings and the keychains.

Thanks in advance for any help

tom

4 REPLIES

eanderson
New Contributor

I too will be doing this same thing about a month from now. I would love to
hear what people have figured out already without having to build from
scratch.
Thanks,
Eric

Not applicable

We also need to do similar, any scripts that people would like to post will more than likely come in very handy and we'd be happy to post back any improvements or changes...

Cheers
Dan

tlarkin
Honored Contributor

Well

I got some time to research it, but any pointers would be greatly appreciated. It can be accomplished from the command line for sure, but I just haven't quite pieced it together yet. I think you need to do it in this manner, which can be scripted:

1) power off airport card

2) create certificate for wireless network

3) create system keychain for wireless network and let the AirPort application, airportd, and system preferences have access to it

4) Input proper information for wireless key (SSID, passkey, etc etc)

5) Make that key chain the default wireless network

6) power airport card back on

Anyone done this?

tlarkin
Honored Contributor

I have been hurting my brain trying to figure out the best method of doing this, and I will share what I have found so far.

If you make a symbolic link to the airport binary (since they tuck it away in a weird place) you can use it to make some changes. Now, if it stores it in the keychain I have no clue. To make a sym link, open Terminal and do this:

wyandotte-205:~ tlarkin$ cd /usr/sbin
wyandotte-205:sbin tlarkin$ sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin

now you can do this from the terminal

wyandotte-205:sbin tlarkin$ airport -h
airport AirPort v.521.5.1 (521.5.1)
Supported arguments:
 -z        --disassociate       Disassociate from any network
 -i[<arg>] --ibss=[<arg>]       Create IBSS
 -x        --xml                Print info as XML
 -s[<arg>] --scan=[<arg>]       Perform a wireless broadcast scan.
                                Will perform a directed scan if the optional <arg> is provided
 -r<arg>   --repeats=<arg>      Repeat the command the specified number of times
 -A[<arg>] --associate=[<arg>]  Associate to network.
                                Will prompt for network name if arg is not specified
                                and if necessary, for a password if the network is using WEP or WPA.
                                The following additional arguments may be specified with this command:
                                  --bssid=<arg>     Specify BSSID to associate with
                                  --password=<arg>  Specify a WEP key or WPA password
 -I        --getinfo            Print current wireless status, e.g. signal info, BSSID, port type etc.
 -P<arg>   --psk=<arg>          Create PSK from specified pass phrase and SSID.
                                The following additional arguments must be specified with this command:
                                  --ssid=<arg>      Specify SSID when creating a PSK
 -c[<arg>] --channel=[<arg>]    Set arbitrary channel on the card
 -h        --help               Show this help

If you look into it you can easily write a command to add an airport network but I doubt it saves it in the keychain

/usr/sbin/airport --associate=your_ssid --password=your_wireless_passkey

Now if you look, there is the -P switch which will allow you to add a preshared key. Again I don't think this writes to the system keychain. I think you will need a separate line of code to do so.

Anyone at all made any progress with this? Sorry for the convoluted email, as I am just copying/pasting what I find.
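
The following is an added example, not part of the thread and not Apple's code: the standard WPA/WPA2-Personal derivation of a PSK from a passphrase and SSID, which is what the `--psk`/`--ssid` pair in the help output above describes. That the airport tool uses exactly this mapping is an assumption, and the function names `wpa_psk` and `normalize_secret` are hypothetical.

```python
import getpass
import hashlib
import re


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit WPA/WPA2-Personal PSK as 64 hex characters."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output.
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )
    return key.hex()


def normalize_secret(secret: str, ssid: str) -> str:
    """Accept either a raw 64-hex-digit PSK or a passphrase; return the PSK."""
    if re.fullmatch(r"[0-9a-fA-F]{64}", secret):
        return secret.lower()
    return wpa_psk(secret, ssid)


if __name__ == "__main__":
    ssid = input("SSID: ")
    # Prompt for the secret instead of taking it as an argument, so it does
    # not show up in the process listing or in shell history.
    secret = getpass.getpass("Passphrase or 64-hex PSK: ")
    print(normalize_secret(secret, ssid))
```

Because the SSID is the salt, a PSK derived for the old SSID will not work on a new SSID even if the passphrase stays the same. The derived PSK is as sensitive as the passphrase for that network and needs the same protection in a deployment script or package.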