LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

May 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS May 2006

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	A script to automate Cisco Clean Access logins
From:	"Joyce, Todd N" <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Mon, 15 May 2006 07:48:43 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (77 lines)

Now if someone would hire this guy to write a client for the mac so that
we can check for all the new vulnerabilities that came out over the
weekend.

Todd



Subject: Re: A script to automate Cisco Clean Access logins



A script to automate Cisco Clean Access logins
Thu, May 11 '06 at 07:30AM
from: macowell

I'm currently a student at Davidson College. The school currently
protects its network with a program called Cisco Clean
Access. A compulsory client exists for XP machines that enforces all
sorts of local policies (like running a virus
scanner) before automatically providing the machine access to the campus
network after the user provides their login
name and password.

On non-XP machines, a user has to provide their credentials via a
web-based form before access to the network is granted. I have a MacBook
Pro, and I've gotten really sick of having to re-login to the campus
network (both Ethernet and wifi) via this webform every time my computer
goes to sleep or I change locations. So, I've managed to write a bash
script that uses curl to log me in through the web forms.

Thanks to some amazing work by macrumors forum member Wombert, I've also
found a way to have it activate automatically, any time the campus wifi
network SSID is detected. This automation avoids heavy-handed!
  cron jobs by leveraging two OS X features, configd and Kicker.xml.
(There's a previous hint here that relies on AppleScript and iCal
scheduling.)

Now the script and Kicker.xml transparently log me onto our campus
network, and hence the internet, any time my computer senses a preset
group of SSIDs. The curl commands are specific to Cisco Clean Access,
but they could easily be adapted to other environments where users must
login through web forms, making this script potentially 
broadly useful.

One downside to the script right now is that it stores the username and
password in plaintext. Perhaps someone 
could make this part more secure with more sophisticated code.
Instructions are included in the comments of the 
script. To use the script, just copy and paste into a .sh file, and make
it executable. You can also see it all marked up at pastebin.com.


[robg adds: I have not tested this one...]



------------------------------------------------------------
Comment on this story at
http://www.macosxhints.com/article.php?story=20060506184128453#comments






Todd Joyce
Network Services
Radford University - The Smart Choice
[log in to unmask]
(540) 831-7777
 
Keep your boots and ChapStick and ice hotels.
Give me shorts and sandals and a thirty-blocker.

Temperance Brennan - Monday Mourning

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU