This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
#!/bin/bash
#####
# OSX Machine auth for 802.1x profile
# get AD machine user/pass and put into 802.1x profile template
# install the profile
#
# sed has its own uses for '&' and '\' in replacements
# and the randomly generated password sometimes has them
# So, trap and escape them before feeding into sed
#
# put the hostname in 'host/computer_name.yourdomain.com' format
#
# Originally by DP ~2012
# added traps and hostname modification
# thp 7/16/14
#
# Added escape & substitution for password profile insertion
# AP 12/26/17
#
# Add last missing escape for '/'
# AP 08/17/18
#
#####
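# Site-specific settings: the AD DNS domain appended to the computer name, the
# forest name used in the keychain service label, and the install log.
DOMAIN="yourdomain.com"
FOREST="YourForest"
LOG="/Library/Logs/WifiMachineAuthInstalls.log"

# Machine account password, read from the "/Active Directory/<forest>" generic
# password item in the System keychain. From this point PASS holds a cleartext
# secret: keep it out of log messages and out of `set -x` traces.
# NOTE(review): presumably the script already runs as root (it writes under
# /Library and installs a profile), which would make sudo redundant - confirm.
PASS=$(sudo /usr/bin/security find-generic-password -s "/Active Directory/${FOREST}" -w /Library/Keychains/System.keychain)

# Fourth field of the "Computer Account" line printed by `dsconfigad -show`.
# This overwrites the shell's own USER variable for the rest of the script.
USER=$(/usr/sbin/dsconfigad -show | /usr/bin/awk '/Computer *Account/ { print $4 }')

# Stop before touching the template if either lookup came back empty; without
# this the profile would be filled in with an empty password or host name.
if [[ -z "${PASS}" || -z "${USER}" ]]; then
  msg="Could not read the AD machine account name or password - aborting."
  printf '%s %s\n' "$(/bin/date "+%Y-%m-%d %H:%M:%S")" "${msg}" >> "$LOG"
  printf '%s\n' "${msg}" >&2
  exit 1
fi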
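#######################################
# Append one timestamped line to the install log.
# Globals:   LOG (read) - path of the log file
# Arguments: $1 - message text
# Outputs:   "YYYY-MM-DD HH:MM:SS <message>" appended to $LOG
#######################################
writelog () {
  local stamp
  stamp=$(/bin/date "+%Y-%m-%d %H:%M:%S")
  # A fixed printf format writes the message verbatim, so a message that
  # happens to look like an echo option (e.g. "-n") is still logged intact.
  printf '%s %s\n' "${stamp}" "${1}" >> "$LOG"
}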
# trap '\' and escape them | |
if [[ ${PASS} =~ '\' ]]; then | |
PASS=$(/bin/echo "$PASS" | /usr/bin/sed 's/\\/\\\\/g') | |
writelog "Found '\' - escaping character" | |
fi | |
# trap '/' and escape them | |
if [[ ${PASS} =~ '/' ]]; then | |
PASS=$(/bin/echo "$PASS" | /usr/bin/sed 's/\//\\\//g') | |
writelog "Found '\' - escaping character" | |
fi | |
# trap '&' and escape them | |
if [[ ${PASS} =~ '&' ]]; then | |
PASS=$(/bin/echo "$PASS" | /usr/bin/sed 's/&/\\\&/g') | |
writelog "Found '&' - escaping character" | |
fi | |
# trap '<' and escape them | |
if [[ ${PASS} =~ '<' ]]; then | |
PASS=$(/bin/echo "$PASS" | /usr/bin/sed 's/</\\\</g') | |
writelog "Found '<' - escaping character" | |
fi | |
# trap '>' and escape them | |
if [[ ${PASS} =~ '>' ]]; then | |
PASS=$(/bin/echo "$PASS" | /usr/bin/sed 's/>/\\\>/g') | |
writelog "Found '>' - escaping character" | |
fi | |
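# Build the 802.1x username in 'host/computer_name.yourdomain.com' form.
# Every '$' is removed from the account name (AD computer account names carry
# a trailing '$'). A parameter expansion does this without passing the value
# through an unquoted echo, so it is not word-split or glob-expanded.
USER=${USER//\$/}
# '/' is written as '\/' because this value is later used as the replacement
# text of a sed 's/TESTUSER/.../' command that uses '/' as its delimiter.
USER="host\/${USER}.${DOMAIN}"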
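# Template location and file name - change both to match the site.
PROPATH='/Library/Scripts'
PROFILE='Profile_Name.mobileconfig'

# Fill both placeholders in one sed run. PASS and USER are expected to be
# escaped for sed already; quoting them keeps a password containing spaces or
# glob characters from being split or expanded by the shell.
# Doing it in a single run also means the .bak copy is the untouched template
# instead of a second file that already contains the password.
# NOTE(review): the password is still part of sed's argument list and is
# visible in process listings while sed runs, and the filled-in profile holds
# it in clear text - check who can read ${PROPATH} on managed machines.
/usr/bin/sed -i .bak \
  -e "s/TESTPASS/${PASS}/" \
  -e "s/TESTUSER/${USER}/" \
  "${PROPATH}/${PROFILE}"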
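# Install the filled-in profile and keep the exit status of `profiles`.
writelog "Installing Wifi Machine Auth Profile …"
/usr/bin/profiles -I -F "${PROPATH}/${PROFILE}"
RESULT=$?

# sed's backup copy is not needed once the install has been attempted.
/bin/rm -f -- "${PROPATH}/${PROFILE}.bak"

if (( RESULT == 0 )); then
  writelog "Wifi Machine Auth Profile Install: Successful!"
  # The filled-in profile contains the machine password; remove it.
  /bin/rm -f -- "${PROPATH}/${PROFILE}"
else
  writelog "Wifi Machine Auth Profile Install: Failed."
  # NOTE(review): on this path the filled-in profile, including the cleartext
  # machine password, stays in ${PROPATH}. Decide whether it is kept on
  # purpose for troubleshooting or should be removed here as well.
fi

# Hand the status of `profiles` back to whatever launched the script.
exit "$RESULT"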
The updated script correctly escapes all special characters - &, >, <, etc. - that have to be specially formatted in XML in order to be processed correctly.