Ubuntu – Block connections to open WiFi networks

network-managernetworkingwireless

My users are using Ubuntu on corporate laptops. They don't have sudo permissions. IT security policy deny connections to open WiFi networks. How to setup Network Manager to deny connections to that networks and permit connections only to encrypted wireless networks?

Users will connect to random wifi. I don't want to restrict connections only to known wifi networks.

Best Answer

There is a directory /etc/network/if-up.d. Scripts in this directory are runs when new connection are established. I write script that checks connection mode of wifi network and if it's Open or WEP connection is dropped.

#!/bin/bash

encryption=$(wpa_cli status | grep pairwise_cipher | cut -d "=" -f 2)
wifiname=$(wpa_cli status | grep -w ssid | cut -d "=" -f 2)
interface=$(wpa_cli status | grep interface | cut -d " " -f 3 | tr -d "'")

if [[ $encryption == WEP* ]]; then
    nmcli device disconnect $interface
fi
if [[ $encryption == NONE ]]; then
    nmcli device disconnect $interface
fi

Related Solutions

Ubuntu – Intel Dual Band Wireless-AC 7260 keeps dropping wifi

This is what support told me to do to fix it, it worked somewhat until a new kernel came out. It looks like every time a new kernel is installed in linux the 5ghz band becomes unstable and gets dropped after a couple seconds or minutes

Support Case: My wifi on my laptop keeps dropping the 5ghz network. Product Model: gazp9

When I see the World regulatory domain updated, I'm led to believe that you are lacking a recent firmware update that should help with some of the issues with the card. There are actually two parts to the update. One was a kernel, and the other was firmware in the OS and should be coming in with your regular updates.

if you're unsure about things, you can certainly open a terminal and perform the following commands

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

When done, fully reboot your system.

I also had to change my World regulatory domain to the US see below:

rt@simon:/tmp$ iw reg get
country 00:
    (2402 - 2472 @ 40), (3, 20)
    (2457 - 2482 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
    (2474 - 2494 @ 20), (3, 20), NO-OFDM, PASSIVE-SCAN, NO-IBSS
    (5170 - 5250 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
    (5735 - 5835 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS


rt@simon:/tmp$ sudo iw reg set US
[sudo] password for rt: 
rt@simon:/tmp$ iw reg get
country US:
    (2402 - 2472 @ 40), (3, 27)
    (5170 - 5250 @ 40), (3, 17)
    (5250 - 5330 @ 40), (3, 20), DFS
    (5490 - 5600 @ 40), (3, 20), DFS
    (5650 - 5710 @ 40), (3, 20), DFS
    (5735 - 5835 @ 40), (3, 30)
    (57240 - 63720 @ 2160), (N/A, 40)
rt@simon:/tmp$

Ubuntu – How to lock down connecting to a specific WiFi

1) How can I disable the WiFi card on the motherboard?

To me that would be from BIOS. On-board devices should have an option to disable them.

2) How can I set my USB wireless to connect using only a specific connection?

Connections are only established with connection you provide a password for. If the guest network is strong and known it probably will pick this up. Dropping the password for it might be an option where you will need to manually input the password when you want to connect to it (and not safe the password).

Here is a method of disabling network manager for a specific MAC address: How can I make NetworkManager ignore my wireless card? You should be able to use this to make the guest network "un-managed" so Network Manager ignores it (another one about this).

Best Answer

Related Solutions

Ubuntu – Intel Dual Band Wireless-AC 7260 keeps dropping wifi

Ubuntu – How to lock down connecting to a specific WiFi

Related Question