|
network setup script
so, we have deployed over 5,500 macbooks as mobile users at my work. For some reason some of the client macs are not keeping the proper airport network settings. So I am trying to write a log in hook that will force the clients to join our secured wifi network when they log in on our network.
The script runs but errors out when I test it, saying that the airport is turned off so it can not run. here is the script: Code:
#!/bin/bashYou cannot set AirPort power because all AirPort network services are disabled. You cannot join a network when AirPort power is off. thoughts? |
Anyone ever use the networksetup command before? It works when I use it to push out proxy settings, that actually works perfect, but when I use it to push out the wireless network settings it errors out.
Anyone have any ideas at all? |
No Airport here, so all I can suggest is that you try your script one line at a time and see if you can get any of them to work. Maybe you need to give the script admin rights?
|
Quote:
|
The original message I got was that I could not run the script because the airport service is not running, so I set the command to turn the airport on and it says it can't because it has no power. Let me see what happens if I run it with out the power options...
OK, well I just ran it with out the power option in the script and it says I can't run it because the airport is not powered on, but the airport is powered on. So I don't get it. When I use the command to turn the power on for the airport it says I can't because there is no power, yet the whole time my airport is in fact turned on. Anyone?????? |
Just a thought, if it fails maybe you can script to turn the power off, then on again?
|
I will try that, but what gets me is the Airports are probably never turned off on these mac books.
|
update!
For those of you who are wondering how this is going, the answer is, the same.
If I run the first line of the script it goes through no error. If I run the second line it errors out with that error message saying that the Airport has no power, and if I run the third line (the one I need to work to set as a log in hook) I get the same error message that the service is not running and there is no power... Anyone have any suggestions???? |
It's probably not what you want, but maybe you could do it through Applescript? You'd probably have to do some GUI scripting.
|
Quote:
These are log in hooks ran by the Casper client at log in. |
Your script could call the Applescript. I'm not sure, but I believe there's a way to run an Applescript within the script, without calling an Applescript file.
Edit: I guess not. You'd have to use the -e flag with the osascript command, and that probably wouldn't work well. Fortunately, the Applescript file is just a text file, so you shouldn't have a problem getting it on the client machine. |
I think then I would have to keep the apple script on the local machine though...where as a shell script I can keep it on a network share and the casper client will find it and do the rest automatically. I do not know casper that well yet so I am still learning how it all works
|
It's kind of a kludge, I know. But at least it might make it possible. When the preferred method doesn't work, you need to consider the alternatives. ;)
|
Is it possible that your script is being run on the server instead of the client machine? That would explain why it can't turn on Airport.
|
Gotten anywhere with this? I'm curious to know if Casper really is a friendly Ghost. :D
|
Casper isn't the problem it works as it is intended. The script is the issue. I may have to look at another way, though I did email my script out to the casper mailing list and I think I am going to email it to my Apple SE as well to see if any scripting genius can figure out what I am doing wrong.
|
Are you sure it's running the script on the laptop? If you insert a line like this:
echo "hello " > /test.txt does the file get created on the laptop or the server? |
I already have several scripts running on the casper server and they are working. This script I have not deployed yet because I can't get it to work in my test environment. I test everything out with the same image and macbook that all the users have to ensure it will work when I deploy it network wide.
yes, so far casper is working exactly how it should. We already have 5000 machines inventoried, recon running with full reports. here I will just post you a screen shot of an inventoried machine. I connect to the JSS server web interface, look up a machine and run the report on it, and the report looks like this. http://img530.imageshack.us/img530/6...ure1gy5.th.png That is a screen shot of just one of the items Casper can run a report on. It is on one machine. It also lists all applications installed, all current processes running, serial numbers, hardware information, OS version, updates that have not been installed yet, and as you can see it lists every time this user has logged into and authenticated to the ODM. Plus you can see that some policies are being run, which are shell scripts. There is just too much to show exactly what casper can do inventory and report wise. We have 5,000 macbooks inventoried now. Oh and you answer your question about where the scripts are stored, Casper is a server side technology which has an AFP share point built into the software. Whenever the jamf binary connects via ssh to the server it will pull everything it needs from that AFP share that is on the server. On top of that you can add multiple AFP shares throughout your network and it will find the closest AFP share (the one on your subnet) and pull from it so you don't have thousands of users all pulling from the same resource. It is hard to explain casper and I have only been using it a few weeks so I am a noob, but I am learning every day and the more I play with it the more I like it. I think I am going to see if I can go to their training session in MN, and just go through it and get the certification. |
Well, you've been using it infinitely more than I, so I'm just taking a stab in the dark. I'm assuming that there are probably times when it might be beneficial to execute a script on the server as opposed to on the client. That leads me to think that there might be a switch that might be set incorrectly, causing your script to execute, but on the wrong machine. It's just easier to believe that than it is to find something wrong with three straight forward lines of code. ;)
|
I am running the script locally on the machine, I haven't even made it deployable yet. Casper also has phases as well. You can run something as test and have it run on a set machine then you can configure it as deployable as well.
The script is broken, and I am not sure what I am doing wrong. I even tried it on a non managed machine that does not authenticate to the ODM and i still get the same power error message. I think my syntax is wrong, but according the man page I am using it right. As of now the script is not on casper, so that is not the issue, and I will just use casper to deploy it rather than the ODM. I am also taking stabs in the dark. So any more suggestions are always welcomed and appreciated. |
Quote:
Code:
<?xml version="1.0" encoding="UTF-8"?>Code:
#!/bin/sh |
Pat,
thanks for the input! I haven't really messed with launch daemons that much but I will definitely look at your solution. So, once you create the daemon and edit the plists you are good to go? Thanks again for your help I appreciate it. |
Quote:
|
ok quick question before I try this on monday. How will it effect other wifi networks? The users take their laptops home every day and on the weekends, so they need to connect to other wifi networks.
|
It won't hurt it. This will just make Airport go through it's preferred network list or recent networks.
|
thanks one more noob question, where do I put in the SSID and encryption passkey at in the plist?
|
OK, so I am looking at the framework where it keeps the data which is under:
/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport So, if I create a this launchd item it will pull the info from that framework? So, I should set up the wireless on a machine and make sure it works and then create the .plist. I am just not connecting all the dots I don't think EDIT.... Okay, I think I see what you did there I hastily read over the plist file. You also edited a plist under /Library/Preferences/systemconfiguration Okay I think I grasp what is going on now and see a solution. So, are you pushing out both that launchd item and the plist over the network? Because a certain percentage of our user base just drops the WiFi encryption key all the time. I even have repeat offenders, it seems like some OS X installs just don't want to listen. Okay, so I can edit the plist file under /Library/preferences/systemconfigurations/com.apple.airport.plist and be done with it. I just got to figure out a way so that every time a user logs in that launchd item and the plist gets pushed out to the users. Or I guess I would just have to really do it once, and the launchd item would then make it happen at log in. |
Well, I just this morning got an email from my Apple SE, and he says my script works fine on his non managed machines running 10.4.10, 10.4.11, and 10.5.1
However, it doesn't work on my machine, if anyone else has the time could they fill in the blanks on the script and run it on their machine and see if it works. You could test it by completely removing the preferred WiFi network on your system, fill in the blanks, then run the script. It should add that SSID and security settings back to your system. We do have an application monitor running which I am wondering if it is causing the script not to run properly. Thanks, |
quick question, putting the plist file in /Library/LaunchDaemons will automatically run it at boot up or log in?
|
Quote:
See http://www.afp548.com/article.php?st...50620071558293 |
Thanks, I tossed the plist on a few guinea pig users and told them to check back with me if the wireless still keeps failing.
In the next few weeks we start assessment tests and they want to do it over wireless, and well I have a fairly large percentage of students having wireless issues. I also need to push out the 10.4.11 update to a few users because that is suppose to resolve some wireless bugs. I hope Apple really gets a fix on this soon, because I have a lot of panicking educators asking me all these what ifs.... As a back up plan I got tons of mini switches and patch cables so if push comes to shove... |
update
Today, I made a policy which puts the plist that I pretty much copied from this thread and changed the name according to plist standards and our domain and school, out to every client's /Library/LaunchDaemons directory. The policy is set to run once on each computer, and it checks each client every 15 minutes. Before I left work today over 500 had gotten the plist and tomorrow all 5000 clients should have it, or at least most.
AFAIK, it was working. The test machines I put it on did not seem to loose their preferred network connections when restarted, logged in/out, or put to sleep. So, thanks a lot for the help. |
Auto Setup of Airport
Quote:
When you connect to a wireless network using the AirPort menu item, the wireless access point password is stored in both the user and the System Keychains. However, using the networksetup command the wireless access point password is not stored within the System or User Keychains. Dose anyone know of a command which will do the same thing as connecting via the GUI? We are able to add the password to to an unlocked keychain with the help of the security command. However, our current stumbling block is adding the password to the locked /Library/Keycahins/System.keychain via the command line, without resetting the system Keychain to a known password. How are others automatically configuring the KeyChain and AirPort, with out cloning the machine? Thank you all the best. The Lucid Team. -- Lucid Information Systems http://www.lucidsystems.org |
lucid,
Thanks, but all my clients are tiger clients at the moment. |
scripting airport on Mac OS 10.5
Lucid,
We are facing exactly the same problem as you described below. Did you find any solution to how automatically configure airport on Mac OS 10.5? Any help would be greatly appreciated. Quote:
|
in 10.5 there is a network setup binary in /usr/sbin/networksetup
If you read through the man pages you can script network settings. I have done this in Tiger with the ARD binary to set proxy settings, and it worked. Now, in 10.5 Apple just decided to make it a part of BASH instead of it being specific to ARD. |
10.5 does not retain the scripted airport settings
Thanks a lot for the reply!
For some reason in 10.5 the networksetup command works only until laptop goes to sleep or reboots, even if we have the Airport Preferences set to "Remember any network this computer has joined". That checkbox does not seem to work the same way as it did in Tiger. I am not sure if it is a bug or not, but any 10.5 laptop that I have tried to set up with the networksetup command does not retain the airport settings upon reboot or wake up from sleep. Quote:
|
Same Issue
Hello All -
Know this has been dead for a while, but am having the same problem. We have changed over the wireless network and need to migrate all users over to the new one - I am pushing out a .pkg that updaing a few things that need to be fixed and some other odds and ends, but we need to get it to join the new WPA wireless network. The networksetup command joins it to the wireless network, as alluded to above, but doesnt actually put the network in preferred networks list or saves it in system keychain :( I've shot this question off to 3 Apple SE's to see if they can conjour an answer - we shall soon see! Anyone got any traction with another solution not mentioned above? |
You know what you need to do, and this is the best $100 you'll ever spend. Go buy composer. Take a snap shot of a system just like the ones on your network, select capture new and modified files. Make all configuration changes, and then take another snap shot.
Build a package. Edit the contents to take out any user level preferences. Deploy it via ARD or whatever means Done. http://www.jamfsoftware.com/products/composer.php I use this all the time, and it is a superb product. |
Results...
Hi,
Thanks for the reply - well i've been using packagemaker and its got a 'add snapshot package' utility which i have been playing with - doing basically the same thing. I can then remove the keychain/preferred network, run the package, repair permissions, and then it all re-appears! I just find it a little strange, as system.keychain is one of the files it's 'editing' - now the question is - is this just a delta change? Or is it replacing the whole file? When I get back to work i'll test on a spare MBP, and then if they pick up my home wireless network settings then i'll know ;) The other problem is its actually changing the systempreferences.plist - again the same issue, is it just delta or replacement? If its replacement then it will wipe the users settings with mine! I'll check out composer, as that may solve my woes, however any advice with PackageMaker would be great.... i'm very dubious about the system.keychain change - I would be very surprised if OS X allowed an app to modify the system keychain without any issues..... Thanks, Mark |
The app is not modifying it, you are. Then you have two options, build the package as a pkd or as a dmg. Then deploy it. When you run it as admin it replaces the files with admin rights to whatever files you modified or created.
Just don't make the mistake I did, and keep the user level prefs in there. I once pushed out my dock settings to about 1200 laptops....the users emailed me like crazy, and all I could say was, my bad, but its just a pref just rebuild your dock! Lesson learned the hard way LOL |
Results...
Hmm... I didn't make it clear. After I took the snapshot, i removed all references to the wireless network - both in keychain access (from the sys keychain) and from the preferred network order.
Anyway, I will soon know about the system keychain and if it replaces or modifies it. To get around the permissions issue the post-flight script i am running is a repair permissions, which takes time yes but solves the issues ;) |
Has anyone a clarifying answer to the thread starting issue as posted by tlarkin?
I'm having exactly the same problem on Leopard 10.5.3 and for me is mandatory to solve it using Applescript or terminal commands |
Quote:
look in /usr/sbin/networksetup |
Nup.
Quote:
This is a big problem for us, so i'm going to ask the Apple Dev's at WWDC tomorrow :D |
Quote:
|
I'm not sure to have explained correctly my question: I have inconsistent results from the terminal command 'networksetup', exactly as stated in the following extract from the Apple discussion forum:
************************** Loaner-2:~ tech$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup -getairportpower AirPort Power: Off Loaner-2:~ tech$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup -setairportpower on You cannot set AirPort power because all AirPort network services are disabled. Loaner-2:~ tech$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup -getnetworkserviceenabled AirPort Enabled Loaner-2:~ tech$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup -setnetworkserviceenabled AirPort on Loaner-2:~ tech$ Loaner-2:~ tech$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup-tiger -setairportpower on You cannot set AirPort power because all AirPort network services are disabled. ********************************* |
Quote:
I have also had issues with powering on and off the airport via command line. It could just be a bug, because I never really got it to work all that well. |
A way forward
tlarkin is right - binary's have moved as stated above. I've seen an issue with a MBA where the airport card becomes disabled because its loose, not soldered on properly or something - kinda sucks when thats the only NI you have!
Maybe ensure that you can still turn it on via the airport menu in the GUI, as if that doesn't work then time for a trip to your local store. So i've asked the ENG team at Apple about how to roll out a 'new' wireless network to clients fully back-end. The major issue for us is that out system.keychain is corrupted, and the keychains are not something you can just replace - they are encrypted and have hardware hash's and if you try to simply replace them there will be tears before bedtime. So, for us, there is a process. 1) image a mac with the same image your other users are using. 2) make the nessicary changes to the wireless 3) get the systempreferences.plist and airport.plist files from /Library/Preferences and ~/Library/Preferences (cant remmeber which one is which - maybe use some snapshot software to detect the changes - package maker is decent) 4) open keychain access and ensure that the entry for your wireless network is there. 5) open terminal, and type man security. This is where it gets tricky. You have to export the keychain item (wireless network password) in P12 format using the 'export' command 6) (for us only) - delete the system.keychain, logout then back in to generate a new one 7) copy over the preference files from before, and copy over the exported P12 file to somewhere on the users system 8) using the import switch from the security command, do an 'import' back into they system.keychain - ensuring you get the settings right. I would be more specific but I haven't tested this myself, although the guy who helped build the Apple Keychain (hehe) swears black and blue that will work. Mark |
This is the 10.4 script I used to create different setting on different wifi networks. It has been over a year since I have used it, so I can't recall exactly how effective it was.
Code:
#!/bin/bash |
Wont work
Quote:
The problem with this script is that its a once off join - the networksetup command passes another command to the airportd, which means when you run the script and 'work as advertised', but it wont save the password of the wireless network, so unless you have this script running all the time and suppressing any error messages, its probably not very effective. |
Making it usable
Quote:
|
Quote:
|
osascript -e "'tell application 'finder'" -e "activate" -e "end tell"
I believe this is how you execute applescripts from within a shell |
Quote:
|
Hah!
Nothing good comes of posting too early in the testing phase.
Essentially, everything I had blew up in my face today. *However*, I have not given up, and will post here when I have something useful to post. Meaning "other than 'Ooo, lookie what I made work except that it doesn't really work after all!'" :::grumble::: Sorry about that, guys. |
|
I got some information today that we may be migrating to WPA or something else so I was looking back into this, and I found this on google. It is an apple script, which I am not too keen on running in my environment since it runs in the gui with the user present, but I think it may be a good solution over all.
Code:
set CertName to "your.cert"Anyone here ever try this stuff? |
| All times are GMT -5. The time now is 08:01 PM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.