Script for joining WPA2 Personal Wireless Network

  • #376553
    dcc
    Participant

    Ok Guys,

    Been working on this a while and getting nowhere. I have read all of the previous posts I could find, but most of them had to do with 802.1x.

    We are about to switch our open wireless network to WPA2 Personal. What I am trying to do is push a file or script out to my clients while they are still connected to our open network so that when we change it, they already have the new secure network in their preferred networks and it just joins up. I do not want my end users to have the password.

    I would also like to be able to run this in my imaging process as a first boot script and probably for all my student machines have it run at every boot so that if for any reason a student gets where he or she can’t join, all they have to do is reboot to connect back up.

    A special thanks to Spider for all of his help already on Launch Daemons and first boot scripts!

    Thanks,

    Mitchell

    #376560
    knowmad
    Participant

    ok, so I have been promising to write up a script myself for a LONG time, instead, I will share what I have found to guide my never written script:

    Wireless installer for the masses…

    that link is a good one, but very complicated scripting… I have not parsed it all but I feel it might do more than you or I need. I found it from a discussion started by our own tlarkin here:

    http://forums.macosxhints.com/archive/index.php/t-93763.html

    there were other items that could be used to do this, but this is particularly complete. I figure you can run the whole thing as first boot with the wireless setup hardcoded and then have it wipe itself out, or maybe, just maybe it can be done during the build process with a little fudging regarding the keychain itself.

    maybe

    #376561
    dcc
    Participant

    Knowmad,

    I had found both of these resources as well and have read over them many times, but they both seem to be specific to a WPA enterprise solution as opposed to WPA/2 personal. If they would work for what I am trying to do, can you help me out as to what I would need and wouldn’t need to make it fit for a WPA2 personal implementation?

    Also, much of that looks like AppleScript. Can that be run inside a shell script by a launchd at first boot?

    #376571
    Rusty Myers
    Participant

    Oh yes, it can! Check out this example:

    [code]#!/bin/bash

    # Written June 2009 by [email protected] and [email protected]

    # Show the agreement dialog; osascript prints "button returned:<button name>".
    qcancel=$(/usr/bin/osascript << EOT
    tell application "System Events"
    tell application "System Events" to activate
    set agree_dialog to display dialog "This program will copy your PSU Access ID, Computer Name, Airport MAC address, and Ethernet MAC address into a file on the desktop. Email that file to [email protected] for access to the College of Education (COE) software. Please copy down the email address. Failure to email that file will result in denied access to the COE software. The EDUCATE program requires you to send this information. Please contact ETC at 814-865-0626 for more information. If you do not wish to send the above specified computer information, hit the cancel button. " buttons {"Cancel ", "Agree"} with title "EDUC KeyServer Agreement" default button "Cancel "
    end tell
    EOT
    )

    echo "$qcancel"

    # Stop here if the user declined.
    if [ "$qcancel" = "button returned:Cancel " ]; then
    exit 0
    fi

    # Ask for PSU Access ID (abc1234) with AppleScript
    accessid=$(/usr/bin/osascript << EOT
    tell application "System Events"
    display dialog "Enter your PSU Access ID" default answer "e.g. abc1234" buttons {"OK"} default button "OK"
    set result to text returned of result
    end tell
    EOT
    )
    echo "PSU Access ID: $accessid"

    # Get Computer Name
    cname=$(system_profiler SPSoftwareDataType | grep 'Computer Name' | awk '{print $3}')
    echo "Computer Name: $cname"

    # Get Computer WMAC Address
    wmac=$(ifconfig en1 | grep ether | awk '{print $2}')
    echo "Wireless MAC: $wmac"

    # Get Computer MAC Address
    mac=$(ifconfig en0 | grep ether | awk '{print $2}')
    echo "Mac Address: $mac"

    # Write a two-line CSV (header plus values) to the user's desktop
    file="$accessid.csv"
    echo "psuaccessid, computername, wirelessmac, mac" > ~/Desktop/"$file"
    echo "$accessid, $cname, $wmac, $mac" >> ~/Desktop/"$file"

    # The shell expands $accessid inside this here-document before osascript runs it.
    /usr/bin/osascript << EOT
    tell application "System Events"
    display dialog "Please email the file on your desktop named $accessid.csv to [email protected]. Be sure to copy this email address down before clicking OK." buttons {"OK"} default button "OK"
    end tell
    EOT

    exit 0[/code]

    #376587
    knowmad
    Participant

    1) as spyder points out, you can run applescript from inside shell or vice versa as a startup script
    2) I have no idea how much work would be required to get it to do personal instead of enterprise, I will work on it next month
    Sorry

    #377101
    mlinde
    Participant

    -bump-
    I am now also facing the WPA2 Personal challenge. Here’s what I know:
    It looks like the PlistBuddy work would be able to build/edit the plist for the airport information (it uses two of the 4 plists in the BMOC scripts). However it also looks like the passcode is hashed when added – so I’m not sure how to approach that.

    I’m hacking up a couple of scripts based on existing good work, and will post my work if/when successful – but if someone has done this and just hasn’t put it up here, that would be great to see sooner than later…

    #378367
    homepup
    Participant

    I’m using a WPA2 Personal network at home (SSID=DeepThought) and the following dict item in /Library/Preferences/SystemConfiguration/preferences.plist:


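    [code]<dict>
        <key>SSID_STR</key>
        <string>DeepThought</string>
        <key>SecurityType</key>
        <string>WPA2 Personal</string>
        <key>Unique Network ID</key>
        <string>2DDB7534-F5EE-4C38-B3B8-1E804EE16ADD</string>
        <key>Unique Password ID</key>
        <string>7E164DE3-2CCF-4497-93D7-FFE67547EC6C</string>
    </dict>[/code]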

    corresponds to the info that System Preferences puts in the Preferred network list. The “Unique Password ID” is not a hash of the password, but rather the Unique ID number that corresponds to the entry in Keychain access that contains the password for that network.

    If I open Keychain Access and look at the info contained in the system.keychain for my saved password, it will be the same info in the “Where” field.

    Not sure what the Network ID connects to. On WPA2 Enterprise, that’s the part that connects to the password item in Keychain Access.

    P.S. I’m the author of the BMOC entry mentioned above. You may want to double-check that link again. I periodically update the info and have since posted source files to use/modify. Tried to comment it to explain each of the steps, but there’s a lot happening in those scripts. All said, if I was to have started it on Snow Leopard, it would have been MUCH easier.

    #378439
    knowmad
    Participant

    so many moons ago I promised to work on a script for this, instead I got shunted into other projects and other work (kbox, security, AD logins etc)
    in the meantime this has now raised its head again.
    Has anyone else who said they were working on it made any progress or am I still starting with little more than the script from Homepup and spider’s boot hack for it?
