New networksetup Features in Snow Leopard

The networksetup command is pretty useful for deploying static network information, which is otherwise tedious (to say the least). In Mac OS X 10.6 there are three major additions to networksetup that have not gotten a lot of attention yet. The first is that you can now use networksetup to import and export 802.1x profiles (and link them to certificates that you import from PKCS12 into Keychain), which will hopefully ease implementation burdens for environments with supported 802.1x setups. The second is that networksetup can now be used to manage a Baseboard Management Controller (BMC), which is the chip that enables IPMI/Lights Out Management. The third new option is the addition of network locations control from within networksetup. This means that networksetup can now be used to configure basically the entire network stack.
First let's look at the options that have been added to ease the burden of integrating 802.1x. In the Network System Preference pane, if you've enabled 802.1x on a Mac host, you may have noticed that you have User Profiles, Login Window Profiles and a System Profile. The options in networksetup correspond to these, with -listalluserprofiles and -listloginprofiles showing available user and login profiles respectively (you can only have one System Profile so there's no need for listing all one of them). Additionally, any profiles that you generate will need to be enabled. You will use the -enablesystemprofile option to enable the system profile for a given service. And if you are integrating 802.1x with the loginwindow you'll need to enable one of the profiles that you listed earlier, using the -enableloginprofile option to networksetup along with the service followed by the profile followed by an on or off switch. For example, if we wanted to enable a profile called mycompany for the login window and we wanted to use the service that we'd set up called PrimaryEthernet, then we could use the following command:
networksetup -enableloginprofile PrimaryEthernet mycompany on
But where are these profiles coming from? Well, the easiest way to get them on your system is to use the -export8021xProfiles option to export all profiles for a given service on an imaging station and then the -import8021xProfiles option, followed by the service to import the profiles into, followed by the path to the export file. You can also export just the login profiles or just the system profiles using the -export8021xLoginProfiles or -export8021xSystemProfiles options respectively. TLS will be a bit trickier. Apple includes the -settlsidentityonsystemprofile and -settlsidentityonuserprofile options to assist with pkcs12 integration (currently the only supported format). While Snow Leopard also introduces an option in the GUI to connect to an 802.1x environment immediately, I've yet to find command line support to test the supplicant.
In addition to 802.1x options, Snow Leopard also comes with the ability to manage that Lights Out Management (LOM) port on those shiny Xserves all the cool kids are talking about (without compiling ipmitool on your own). To see the LOM settings, you would use networksetup along with the -showBMCSettings option. To set up LOM, use the -setupBMC option, along with the port to use it on followed by whether it will be static or DHCP (yes, I said DHCP but I don't think I'd do that), the IP, subnet mask, gateway and finally the admin user name and password (keep in mind those passwords need 8 characters). So let's say that I wanted to configure my LOM interface to use Ethernet 1, using 192.168.210.2 with a subnet mask of 255.255.255.0 and a gateway of 192.168.210.1, with a LOM username of admin and a password of mysecretpassword1. I would then use the following command:
networksetup -setupBMC 1 static 192.168.210.2 255.255.255.0 192.168.210.1 admin mysecretpassword1
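A mistyped mask or gateway on a LOM port is awkward to recover from, and a password hard-coded in a deployment script ends up in files and shell history. The following wrapper is an added example, not part of the original post: it validates the static settings and prompts for the password before running the same -setupBMC command shown above. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check static BMC settings before calling
# networksetup -setupBMC. Function names are hypothetical.

# Print a dotted-quad IPv4 address as an integer; fail if malformed.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Succeed only if the mask is contiguous, IP and gateway share a subnet,
# and the password meets the 8-character minimum the article mentions.
bmc_preflight() {   # args: ip mask gateway password
    _ip=$(ip_to_int "$1")   || { echo "bad IP: $1" >&2; return 1; }
    _mask=$(ip_to_int "$2") || { echo "bad mask: $2" >&2; return 1; }
    _gw=$(ip_to_int "$3")   || { echo "bad gateway: $3" >&2; return 1; }
    _inv=$(( $_mask ^ 4294967295 ))
    [ "$_mask" -ne 0 ] && [ $(( $_inv & ($_inv + 1) )) -eq 0 ] ||
        { echo "mask is not contiguous: $2" >&2; return 1; }
    [ $(( $_ip & $_mask )) -eq $(( $_gw & $_mask )) ] ||
        { echo "gateway $3 is outside the subnet of $1" >&2; return 1; }
    [ "$_ip" -ne "$_gw" ] || { echo "IP equals gateway" >&2; return 1; }
    [ "${#4}" -ge 8 ] || { echo "password shorter than 8 characters" >&2; return 1; }
}

# Prompt for the LOM password without echo, validate, then configure the BMC.
setup_bmc_static() {   # args: port ip mask gateway admin-user
    printf 'LOM password for %s: ' "$5" >&2
    stty -echo; IFS= read -r _pw; stty echo; echo >&2
    bmc_preflight "$2" "$3" "$4" "$_pw" || return 1
    # Same argument order as the article's command. The password is still an
    # argument to networksetup, so it shows in the process list while it runs.
    networksetup -setupBMC "$1" static "$2" "$3" "$4" "$5" "$_pw"
}

# Usage: setup_bmc_static 1 192.168.210.2 255.255.255.0 192.168.210.1 admin
```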
Finally, locations have always been pretty straightforward in the Network System Preference pane and they still are in networksetup. Simply use the -getcurrentlocation option to show you which location is active (if you haven't ever customized network locations this should be automatic). You can see all of the locations (not just the active one) by using the -listlocations option. When you know which locations you have, if you need more, go ahead and do a -createlocation followed by the name to be assigned to the location. By default the default services will not be included in this location, so use the populate option to add them. If we were creating a new location called 8021xenabled then our command would look something like the following:
networksetup -createlocation 8021xenabled populate
To then make that location our active location use the -switchtolocation option. For example, we could use the following to activate that location we just created:
networksetup -switchtolocation 8021xenabled
And to delete it if we did something wrong, use the -deletelocation option (to continue on with our previous example):
networksetup -deletelocation 8021xenabled
While this doesn't seem very earth shattering, the ability to programmatically create (and delete) locations allows administrators to build new test packages for home vs work settings and also to send users packages with locations built into them to help test for problems, potentially a huge time saver!
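The location commands above and the 802.1x import and enable steps from earlier can be combined into one package script that undoes itself on failure. This is an added example, not code from the original post; the function name is hypothetical, and it assumes -getcurrentlocation prints only the location name and -listlocations prints one name per line.

```shell
#!/bin/sh
# Added example: build a test location, import 802.1x profiles into it and
# enable the login-window profile, rolling back if any step fails.
# deploy_8021x_location is a hypothetical name.

deploy_8021x_location() {   # args: location service profile export-file
    _loc=$1 _svc=$2 _prof=$3 _file=$4
    [ -r "$_file" ] || { echo "cannot read $_file" >&2; return 1; }
    # Remember the active location so a failed run can restore it.
    _prev=$(networksetup -getcurrentlocation) || return 1
    # Refuse to reuse an existing location name; rollback deletes $_loc.
    if networksetup -listlocations | grep -Fqx "$_loc"; then
        echo "location '$_loc' already exists" >&2; return 1
    fi
    networksetup -createlocation "$_loc" populate || return 1
    # Check the switch by reading the location back, not just the exit code.
    if networksetup -switchtolocation "$_loc" &&
       [ "$(networksetup -getcurrentlocation)" = "$_loc" ] &&
       networksetup -import8021xProfiles "$_svc" "$_file" &&
       networksetup -enableloginprofile "$_svc" "$_prof" on
    then
        echo "active location: $_loc (was: $_prev)"
        return 0
    fi
    # Roll back: return to the previous location, then delete the new one.
    echo "deployment failed, restoring '$_prev'" >&2
    networksetup -switchtolocation "$_prev"
    networksetup -deletelocation "$_loc"
    return 1
}

# Usage: deploy_8021x_location 8021xenabled PrimaryEthernet mycompany /path/to/export-file
```

The export file holds 802.1x profile data, so keep it readable only by the account that runs the package and remove it once the import succeeds.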
