Created
September 26, 2018 14:17
Script to configure an enterprise network connection (only for setups that use no certificates)
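#!/usr/bin/env bash
#
# Create a NetworkManager profile for a WPA-Enterprise (802.1X) Wi-Fi network
# that uses a username/password EAP method and no certificates.

# Defaults; each one can be overridden by the flag listed in usage().
ssid="network-SSID" # placeholder, normally replaced with -s
name=""             # empty: the SSID is used as the connection name
# identity="me-i-am-that-person"
identity=""         # empty: falls back to $(whoami)
# nmcli validates wifi-sec.key-mgmt against a fixed list of values; the one
# for 802.1X is "wpa-eap". The earlier default "weap-eap" is not in that list,
# so running the script without -k failed.
key_mgmt="wpa-eap"
eap_auth="peap"
phase2="mschapv2"
dry_run=false

# ANSI colour sequences for error output (need echo -e or printf %b).
colour_red='\033[1;31m'
colour_orange='\033[0;33m'
colour_end='\033[0m'

#######################################
# Print the help text.
# Globals:   none (the defaults shown are written out literally)
# Arguments: none
# Outputs:   help text on stdout; $(whoami) is expanded when it is printed
#######################################
usage() {
  cat <<-__EOF_
${0##*/}: configure new enterprise network connection
  -s SSID            : the network-SSID
  -n name            : Connection name, if none is given, the SSID will be used
  -e eap auth        : TLS, tunneled TLS, etc.. (default: peap)
  -k key-management  : type of key management (default: wpa-eap)
  -p phase 2         : auto, MSCHAPV2, etc... (default: mschapv2)
  -i identity        : your identity (defaults to $(whoami))
  -d                 : dry-run (show raw command output)
  -h                 : display this message
Example:
${0##*/} -s foo -d
Output:
nmcli connection add \\
type wifi con-name "foo" ifname wlp3s0 ssid "foo" -- \\
wifi-sec.key-mgmt wpa-eap 802-1x.eap peap \\
802-1x.phase2-auth mschapv2 802-1x.identity "$(whoami)"
__EOF_
}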
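# Parse the command-line flags. The leading ':' in the option string puts
# getopts in silent mode: an unknown flag sets f to '?' and a flag that lacks
# its argument sets f to ':', both with the offending flag letter in OPTARG.
while getopts ':s:n:e:k:p:i:dh' f; do
  case "$f" in
    s) ssid="${OPTARG}" ;;
    n) name="${OPTARG}" ;;
    e) eap_auth="${OPTARG}" ;;
    k) key_mgmt="${OPTARG}" ;;
    p) phase2="${OPTARG}" ;;
    i) identity="${OPTARG}" ;;
    d) dry_run=true ;;
    h)
      usage
      exit 0
      ;;
    :)
      # Reported separately so the user is not told a valid flag is unknown.
      # Colours go through %b, the flag letter through %s, so nothing taken
      # from the command line is interpreted as an escape sequence.
      printf '%bERR: %b%bOption -%s requires an argument%b\n' \
        "${colour_red}" "${colour_end}" "${colour_orange}" \
        "${OPTARG}" "${colour_end}" >&2
      usage >&2
      exit 1
      ;;
    *)
      printf '%bERR: %b%bUnknown flag/opt: -%s%b\n' \
        "${colour_red}" "${colour_end}" "${colour_orange}" \
        "${OPTARG}" "${colour_end}" >&2
      usage >&2
      exit 1
      ;;
  esac
done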
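## default to SSID for name
if [ -z "${name}" ]; then
  name="${ssid}"
fi

## default identity to whoami
if [ -z "${identity}" ]; then
  identity=$(whoami)
fi

# Dry run: print the command instead of running it, then stop.
# dry_run is compared as a string rather than executed as a command.
if [ "${dry_run}" = true ]; then
  cat <<-__EOD_
nmcli connection add \\
type wifi con-name "${name}" ifname wlp3s0 ssid "${ssid}" -- \\
wifi-sec.key-mgmt ${key_mgmt} 802-1x.eap ${eap_auth} \\
802-1x.phase2-auth ${phase2} 802-1x.identity "${identity}"
__EOD_
  exit
fi

# Every value is quoted so that a -k/-e/-p argument containing whitespace
# reaches nmcli as one value and cannot add further property/value pairs to
# the command line.
#
# NOTE(review): no 802-1x.ca-cert, 802-1x.system-ca-certs or
# 802-1x.domain-suffix-match is set, so the profile as created carries no
# setting for checking the authentication server's certificate. With
# PEAP/MSCHAPv2 this means the client would also answer a look-alike access
# point; where the network's CA is known, add one of those properties to the
# profile (nmcli connection modify) before first use.
# NOTE(review): no password is passed here; presumably NetworkManager asks
# for it on first connect (confirm). The interface name wlp3s0 is hard-coded.
nmcli connection add \
  type wifi con-name "${name}" ifname wlp3s0 ssid "${ssid}" -- \
  wifi-sec.key-mgmt "${key_mgmt}" 802-1x.eap "${eap_auth}" \
  802-1x.phase2-auth "${phase2}" 802-1x.identity "${identity}"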