Reputation:
I am currently working as a school technician, and I am writing a shell script that will automatically configure the school wireless to a Mac to automate this process for the multiple BYOD and staff Macs I'll be configuring. This involves
Importing security certificates into the keychain
Inserting the following settings into this dialogue box here to connect to the network
Create a new network location called "school"
Configure the proxy via a wpad file under "Automatic Proxy Configuraton"
If it is a teacher's laptop and they request it, make a new location called "YouTube" and put in the proxy settings allowing YouTube access under "Web Proxy"
The first approach I took was to import the security certificates (a root certificate authority and an intermediate certificate authority) via the security command. However, I realised that there wasn't going to be a way to configure the popup box that comes up to configure the WiFi settings when connecting to it for the first time (Selecting EAP-TLS as connection mode, certificate, and inserting username). And using
networksetup -setairportnetwork en1 eduSTAR
to attempt to get the dialogue box to show up didn't work. I am well aware of the hidden
airport
command but there is no apparent way to connect to a wifi network through this command. The only other way I can think of is to use GUI scripting via AppleScript and I am trying to avoid this method as UI changes between OS releases would render the script unusable.
Today, I discovered that I could import a .mobileconfig file into Network Settings through the GUI of network settings and that would take care of everything (including the wdap proxy configuration), and I also discovered prior to that the networksetup command had an option to import an 802.1x profile.
networksetup -import8021xProfiles [service path]
The import option in Network Settings didn't allow me to directly import the .mobileconfig file, but I could import the settings by double clicking on the file itself. Turns out the actual file is a .networkconnect file, but the point is moot because apparently, starting from 10.7, the command is no longer supported
Use a configuration profile to install 802.1X profiles on the system.
** Error: This command is no longer supported.
So now, my questions are as followed:
How do I import the .networkconnect / .mobileconfig file into network settings through OS X terminal on 10.7 and above without using GUI scripting?
How do I connect to the network after the import through terminal?
Upvotes: 5
Views: 5892
Reputation: 21
To import a .mobileconfig command, use the /usr/bin/profiles command. networksetup is only used for importing system profiles for 10.6 and earlier.
profiles -I -F filename.mobileconfig
When a mobileconfig is imported it will automatically attempt to connect, but profiles (unlike networksetup) AFAIK cannot change the priority order of SSIDs.
It's not what you're after here, but if you have Macs that are members of your AD domain and have an AD integrated CA, you can use the mactls shell script to automate issuing of certificates as well as connection profiles. It might also be a useful comparison of how different the system profile approaches are between 10.6 and 10.7.
http://sourceforge.net/p/mactls/
Upvotes: 2