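#!/usr/bin/expect -f
#
# Language:  Expect
#
# Filename:  /usr/local/etc/motorolarfs4000radius.exp
#
# Purpose:   This is an Expect script that will login to a Motorola (formerly
#            Symbol) RFS4000 Wireless LAN Switch v4.x and modify the RADIUS
#            servers used for 802.1x EAP authentication of the corporate
#            ESSID/WLAN.
#
# Usage:     motorolarfs4000radius.exp <switch-hostname-or-ip>
#
# Author:    Michael McNamara (mfm@michaelfmcnamara.com)
#
# Date:      February 21, 2014
#
# Version:   1.1
#
# Changes:
#   February 25, 2014 (M.McNamara) v1.1 - disable StrictHostKeyChecking so the
#       initial SSH connection doesn't generate a yes/no dialog which
#       could hang up the Expect script.
#
#   February 24, 2014 (M.McNamara) v1.0 - issue with enable prompt changing,
#       abstract prompt in a variable to account for all possibilities.
#
# License:
#   Copyright (C) 2014 Michael McNamara (mfm@michaelfmcnamara.com)
#
#   This program is free software: you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation, either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Security notes (review):
#   * This file holds administrator passwords in clear text; keep it readable
#     by its owner only, or load the credentials from a protected source.
#   * The session log records everything the switch prints, which may include
#     configuration details; restrict access to the logs directory as well.

# Variables
set PATH "/usr/local/etc"
# TELNET is defined but not used anywhere below; the connection is made with SSH.
set TELNET "/usr/bin/telnet"
set SSH "/usr/bin/ssh"

# NOTE(review): StrictHostKeyChecking=no means the switch's host key is never
# verified, so the credentials typed at the login prompt go to whichever host
# answers on that address. Pre-loading the switch keys into known_hosts and
# leaving host key checking enabled avoids both the yes/no dialog and that risk.
set SSH_OPTIONS "-o StrictHostKeyChecking=no"

set SWITCH [lindex $argv 0]

# The switch name ends up in the log file path and on the ssh command line.
# Refuse a missing argument and anything that is not a plain hostname or IP
# address, so a value such as ../x cannot redirect the log file.
if {![regexp {^[A-Za-z0-9][A-Za-z0-9_.:-]*$} $SWITCH]} {
    send_error "usage: $argv0 <switch-hostname-or-ip>\n"
    exit 1
}

set USERNAME admin
# Candidate passwords, tried in order. Every wrong candidate is a failed
# administrator login on the switch.
set PASSWORDS {password1 password2 password3}
set PINDEX 0

# Which Wireless LAN are we going to change?
set WLAN_IDX 2

# RADIUS/NPS Servers
set RADIUS1 10.1.1.1
set RADIUS2 10.1.1.2

# NOTE(review): inside double quotes Tcl turns backslash-dollar into a bare
# dollar sign, which the regular expression engine reads as end-of-input rather
# than a literal dollar prompt. That alternative can match without any prompt
# having arrived, so the waits below may return early. Confirm against a real
# switch before tightening the pattern.
set PROMPTS "(%|#|cli\>|admin\>|\$|\-\-\-\>)"

set TODAY [timestamp -format %y%m%d ]
set WEEKDAY [timestamp -format %a ]
set DATE [timestamp -format %c ]

# Turn off local terminal echo for the duration of the run
stty -echo

# Write a three-line banner (rule, text, rule) to the session log.
proc log_banner {text} {
    send_log "*********************************************************************\r\n"
    send_log "$text\r\n"
    send_log "*********************************************************************\r\n"
}

# Setup the logging
log_file $PATH/logs/$SWITCH.radius.log
# Disable logging to STDOUT (use "log_user 1" to enable it)
log_user 0

# Useful information out to logfile
log_banner "Starting logfile for $SWITCH on $DATE"

# Set the timeout to 30 seconds for the following commands
set timeout 30

# Spawn an SSH connection to the switch
spawn $SSH $SSH_OPTIONS $USERNAME@$SWITCH

expect {
    "yes/no" {
        # NOTE(review): this answers the host key dialog and then leaves the
        # expect block, so no login follows on this path. With the option set
        # in SSH_OPTIONS the dialog is not expected to appear at all.
        send "yes\r"
    }
    "User Access Verification" {
        # The switch shows its own CLI login; answer it with the first candidate.
        expect "*?sername:"
        send -- "$USERNAME\r"
        expect -exact "assword:"
        send -- "[lindex $PASSWORDS $PINDEX]\r"
        expect {
            "Incorrect Login" {
                # Report which list entry failed, never the password itself:
                # this text goes to stdout and into the log file.
                set failure "\nDEBUG: Login failed for $USERNAME with password entry $PINDEX on $SWITCH\n"
                send_user $failure
                send_log $failure
                incr PINDEX
                if {$PINDEX == [llength $PASSWORDS]} {
                    # Every candidate has been rejected; give up on this switch.
                    send_user "ERROR: PASSWORD ISSUE WITH $SWITCH - UNABLE TO LOGIN!\n"
                    log_banner "End of logfile for $SWITCH on $DATE "
                    exit
                }
                # Retry with the next candidate and wait again for the outcome.
                expect "*?sername:"
                send -- "$USERNAME\r"
                expect -exact "assword:"
                send -- "[lindex $PASSWORDS $PINDEX]\r"
                exp_continue
            }
            ">" {
                # Logged in. Disable paging, enter enable mode and capture the
                # current state in the log before touching anything.
                send -- "terminal length 0\r"
                expect -re $PROMPTS
                send -- "enable\r"
                expect -re $PROMPTS
                send -- "show wireless mobile-unit\r"
                expect -re $PROMPTS
                send -- "show wireless wlan config $WLAN_IDX\r"
                expect -re $PROMPTS

                #####################################################################
                # The commands below are active as written: they set the primary
                # and secondary RADIUS servers of the WLAN and save the change
                # with write mem. Prefix each of them with # for a dry run that
                # only records the current configuration.
                #####################################################################
                send -- "config t\r"
                expect -re $PROMPTS
                send -- "wireless\r"
                expect -re $PROMPTS
                send -- "wlan $WLAN_IDX radius server primary $RADIUS1\r"
                expect -re $PROMPTS
                send -- "wlan $WLAN_IDX radius server secondary $RADIUS2\r"
                expect -re $PROMPTS
                send -- "exit\r"
                expect -re $PROMPTS
                # Log the configuration again so the change can be verified later.
                send -- "show wireless wlan config $WLAN_IDX\r"
                expect -re $PROMPTS
                send -- "write mem\r"
                expect -re $PROMPTS
                #####################################################################

                send -- "quit\r"
                expect eof
            }
        }
    }
    "No route to host" {
        # The connection is spawned with SSH, so say so in the error text.
        send_log "ERROR: Unable to connect to $SWITCH via SSH!\n"
        send_user "ERROR: Unable to connect to $SWITCH via SSH!\n"
    }
}

log_banner "End of logfile for $SWITCH on $DATE "
exit 0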