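#!/usr/bin/expect -f
#
# Language: Expect
#
# Filename: /usr/local/etc/symbolws2000radius.exp
#
# Purpose:  This is an Expect script that will login to a Motorola (formerly
#           Symbol) WS2000 Wireless LAN Switch v1.x and modify the RADIUS servers
#           used for 802.1x EAP authentication of the corporate ESSID/WLAN.
#
# Usage:    symbolws2000radius.exp <switch-hostname-or-ip>
#
# Author:   Michael McNamara
#
# Date:     February 21, 2014
#
# Version:  1.0
#
# Changes:
#   February 24, 2014 (M.McNamara) v1.1 - issue with enable prompt changing,
#       abstract prompt in a variable to account for all possibilities.
#
# License:
#   Copyright (C) 2010 Michael McNamara (mfm@michaelfmcnamara.com)
#
#   This program is free software: you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation, either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Security notes:
#   - The session runs over telnet, so the admin password and the
#     configuration commands cross the network unencrypted.
#   - Candidate passwords are stored in this file in clear text; keep the
#     file readable only by the account that runs it.
#   - Failed-login messages identify the candidate by position only, so the
#     passwords themselves are never written to the log file or the terminal.

# Variables
# PATH here is an ordinary Tcl variable (base directory for the log files),
# not the process environment's PATH.
set PATH "/usr/local/etc"
set TELNET "/usr/bin/telnet"
set SWITCH [lindex $argv 0]
set USERNAME admin
# Candidate passwords, tried in order after each "Login incorrect".
set PASSWORDS {password1 password2 password3}
set PINDEX 0

# Which Wireless LAN are we going to change?
set WLAN_IDX 2

# RADIUS/NPS Servers
set RADIUS1 10.1.1.1
set RADIUS2 10.1.1.2

# NOTE(review): inside double quotes Tcl consumes the backslashes, so the
# regular expression that reaches expect is (%|#|cli>|admin>|$|--->). The bare
# $ is then an end-of-buffer anchor rather than a literal dollar sign, which
# can let "expect -re $PROMPTS" match without a prompt having arrived.
# Confirm against the device's real prompts before tightening the pattern.
set PROMPTS "(%|#|cli\>|admin\>|\$|\-\-\-\>)"

# TODAY and WEEKDAY are not referenced anywhere in this script.
set TODAY [timestamp -format %y%m%d ]
set WEEKDAY [timestamp -format %a ]
set DATE [timestamp -format %c ]

# SWITCH is passed to telnet as an argument and is embedded in the log file
# name, so refuse a missing value, a value that telnet would parse as an
# option, and a value that would move the log file outside $PATH/logs.
if {$SWITCH eq "" || [string match "-*" $SWITCH] || [string first "/" $SWITCH] >= 0} {
    send_user "usage: $argv0 <switch-hostname-or-ip>\n"
    exit 1
}

# Turn off echo on the controlling terminal.
stty -echo

log_file $PATH/logs/$SWITCH.radius.log

log_user 0 ;# Disable logging to STDOUT
#log_user 1 ;# Enable logging to STDOUT

# Useful information out to logfile
send_log "*********************************************************************\r\n"
send_log "Starting logfile for $SWITCH on $DATE\r\n"
send_log "*********************************************************************\r\n"

set timeout 30

spawn $TELNET $SWITCH
expect {
    "Connected to" {
        expect "login:"
        send -- "$USERNAME\r"
        expect -exact "assword:"
        send -- "[lindex $PASSWORDS $PINDEX]\r"
        expect {
            "Login incorrect" {
                # Report which candidate failed by its position in the list;
                # the password value is deliberately kept out of the output.
                set attempt "password candidate [expr {$PINDEX + 1}] of [llength $PASSWORDS]"
                send_user "\nDEBUG: Login failed with $USERNAME ($attempt) on $SWITCH\n"
                send_log "\nDEBUG: Login failed with $USERNAME ($attempt) on $SWITCH\n"
                incr PINDEX
                if {$PINDEX == [llength $PASSWORDS]} {
                    send_user "ERROR: PASSWORD ISSUE WITH $SWITCH - UNABLE TO LOGIN!\n"
                    send_log "*********************************************************************\r\n"
                    send_log "End of logfile for $SWITCH on $DATE \r\n"
                    send_log "*********************************************************************\r\n"
                    # NOTE(review): exit without a status returns 0, so a
                    # caller cannot detect this failure from the exit code.
                    exit
                }
                # Retry the login with the next candidate, then re-enter this
                # expect block to see whether it was accepted.
                expect "login:"
                send -- "$USERNAME\r"
                expect -exact "assword:"
                send -- "[lindex $PASSWORDS $PINDEX]\r"
                exp_continue
            }
            "admin>" {
                # Logged in: walk to the WLAN menu and record the current
                # EAP settings for the selected WLAN.
                send -- "network\r"
                expect -re $PROMPTS
                send -- "wlan\r"
                expect -re $PROMPTS
                send -- "show eap $WLAN_IDX\r"
                expect -re $PROMPTS
                ####################################################################
                # REMOVE THE FOLLOWING # FROM THE FILE TO ACTUALLY MAKE THE CHANGES
                ####################################################################
                # NOTE(review): as the script stands the commands below carry
                # no leading # and therefore run: both RADIUS servers are
                # rewritten and the configuration is saved on every run.
                send -- "set eap server $WLAN_IDX 1 $RADIUS1\r"
                expect -re $PROMPTS
                send -- "set eap server $WLAN_IDX 2 $RADIUS2\r"
                expect -re $PROMPTS
                send -- "show eap $WLAN_IDX\r"
                expect -re $PROMPTS
                send -- "save\r"
                expect -re $PROMPTS
                ####################################################################
                send -- "quit\r"
                expect eof
            }
        }
    }
    "No route to host" {
        send_log "ERROR: Unable to connect to $SWITCH via telnet!\n"
        send_user "ERROR: Unable to connect to $SWITCH via telnet!\n"
    }
}

send_log "*********************************************************************\r\n"
send_log "End of logfile for $SWITCH on $DATE \r\n"
send_log "*********************************************************************\r\n"
exit 0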