Auto connect 802.1x network using the selected profile in terminal or by code

App & System Services Networking
iLemonRain OP
Created 5d
Replies 7
Boosts 0
Views 185
Participants 2

Hello. I'm developing on a cross-platform app to help user connect enterprise network and found it difficult in macOS.

The issue is, I guided user to install profile, but the authentication won't start immediately even the cable is plugged in or the WLAN is connected. There is still some manual operation to be done:

  • Ethernet: Select the correct profile, and click the Connect button.
  • Wlan: Click the Connect button. (The profile contains SSID so need't select the correct profile)

Obviously, the operation is still not easy for users to understand and follow. So, is there any method to auto connect 802.1x network using the selected profile in terminal or by code? I mean, the manual operation is not necessary, maybe you can tell me a better solution.

BTW, I found it possible to connect WLAN and auto select the correct profile by using this command networksetup -setairportnetwork en1 MY_SSID, but it could be very slow since the authentication seemed start 30 sec after connecting the SSID. So I believe it not the best solution.

Answered by DTS Engineer in 827647022
Written by iLemonRain in 827585022
Unfortunately we do't have an MDM

Honestly, I think that’s the easiest path to a solution here. You can write code to do this, but it’s likely that you will run into roadblocks. You have to consider whether it’s better to spend your time getting around those roadblocks or spend your time rolling out an MDM system. My guess is that, in long term, MDM will be a better bet.

Anyway, it might be possible to get things working using the Core WLAN framework. It has APIs to create configurations from scratch and also to trigger an association. There are two approaches you could try out:

  • Continue installing a profile as you’re currently doing, and then forcing the association using Core WLAN.

  • Using Core WLAN to both create the profile and force the association.

I don’t have enough experience with Core WLAN in enterprise setups to know whether this will work or not. But if you’re committed to not using MDM, that’s the second best path forward.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  7
Boosts  0
Views  185
Participants  2
DTS Engineer OP
Apple
5d
Written by iLemonRain in 775664021
I guided user to install profile

Manually? Or are you pushing the profile using an MDM system?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
iLemonRain OP
4d

THANKS. Unfortunately we do't have an MDM, and our steps is

  1. Develop an APP for users.
  2. Users log into the APP and download their profile for 802.1X auth.
  3. Install the profile manually(double click to install)
  4. connect to the cable or the specific SSID
  5. start auto-authentication.

The problem is users have to select the profile and click CONNECT or something to auth at the first time. That's why I said MANUALLY.

That could be a confusing operation. Writing a guidance is still hard to understand for some users. So I'm searching a way to help them bypass CLICKING the CONNECT BUTTON by command or coding.

0
DTS Engineer OP
Apple
4d
Recommended
Written by iLemonRain in 827585022
Unfortunately we do't have an MDM

Honestly, I think that’s the easiest path to a solution here. You can write code to do this, but it’s likely that you will run into roadblocks. You have to consider whether it’s better to spend your time getting around those roadblocks or spend your time rolling out an MDM system. My guess is that, in long term, MDM will be a better bet.

Anyway, it might be possible to get things working using the Core WLAN framework. It has APIs to create configurations from scratch and also to trigger an association. There are two approaches you could try out:

  • Continue installing a profile as you’re currently doing, and then forcing the association using Core WLAN.

  • Using Core WLAN to both create the profile and force the association.

I don’t have enough experience with Core WLAN in enterprise setups to know whether this will work or not. But if you’re committed to not using MDM, that’s the second best path forward.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
iLemonRain OP
3d

I agree with you(MDM will be a better bet), but we had a tight budget, or just not see it a choice in short time. Besides, some employees prefer to use their own computer to complete their work, which is not suitable for using MDM.

Anyway, thank you a lot and there are still two issues.

  1. I considered to use CoreWLAN associateToNetwork:password:error:. However, it still took about 30 seconds to connect SSID. Since there is nothing like PROFILE in input params, so I see it has no difference with running command networksetup -setairportnetwork en1 myssid. Do you have any idea or tell me to use the correct function?
  2. At least there is a CoreWLAN class. How to deal with the ethernet connection problem? Now it stucks at the step that must choose profile and click connect.
0
iLemonRain OP
3d
Written by DTS Engineer in 827647022
I don’t have enough experience with Core WLAN in enterprise setups to know whether this will work or not.

And if possible, would you like to help me contact a specialist to work out a solution? I believe an interface could be a common need since it could be a simple method to access enterprise network.

I saw some content about CWConfiguration in the CoreWLAN Guidance but not sure if it is related to the profiles command in macOS.

0
DTS Engineer OP
Apple
3d
Written by iLemonRain in 827769022
And if possible, would you like to help me contact a specialist to work out a solution?

I’m not sure what you mean by “specialist”:

  • If you’re talking about someone from Apple, I suspect your best option is to seek help via Apple Support’s enterprise support mechanism.

  • If you’re talking about a third-party consultant then, sorry, I’m not able to help with that. DTS doesn’t provide such recommendations as a matter of policy.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
iLemonRain OP
3d
Written by DTS Engineer in 827788022
specialist

Sorry for my grammar makes you fell confused.

Well, I'm just seeking someone know more about CoreWLAN interface and hope he could teach us a precious lesson. It's pretty easy to accomplish that on Windows or Ubuntu, I mean, just by some commands or asking AI assistant. But I haven't find a usable command or an interface on that, so it's your show time.

I have told our guys to do something about MDM...But MDM system will deal with the profile pushing and installing procedure for sure. Will that solve the problem that users must click "CONNECT" when first connect to the SSID or plugin the cable?

0
Auto connect 802.1x network using the selected profile in terminal or by code
First post date Last post date
 
 
Q