by Josh Wisenbaker, Head of Engineering
As we have been pushing toward the initial 1.0 release of NoMAD Login AD, a surprising topic has come up quite a bit. Many admins are asking what the differences are between the different types of user accounts on macOS. By account type, we aren’t talking about the difference between an admin and a user, but between local, network, or mobile. All of these account types have existed on macOS for a long time, but there are still many nuances that can trip you up at first.
The NoMAD product line knows how to deal with these account types in order to keep things moving along in your deployment. In light of some of the confusion that is out there about what makes each account type unique, we’ve prepared a quick primer on them. Each of these sections describes the different sorts of user accounts that you can have on macOS and features that are unique to each of them.
This started off as a smaller update, then got bigger…
Some cool new features, a few bug fixes, and then a big new feature that we know will evolve some over time. In addition, NoMAD is now all in Swift 4 and all the warnings in Xcode are gone. You can thank Josh for that work.
- Fewer password prompts when updating keychain items. In fact… you should have no password prompts.
- We dug deep into Kerberos and should have squashed the annoying “Domain not set” issue when attempting to change your password through NoMAD for the first time.
- Recursive group search works with “,” in user names.
- Allow for both an expired AD password and a non-matching local password at the same time.
- Better handling of the current date when looking for UPC alerts. This should minimize erroneous UPC Alerts.
- Better handling of when your SSL Cert template doesn’t actually exist on the Windows CA.
- Match any keychain item account for updates with
- When using UPCAlerts and a URL for the password change type, NoMAD will check for new passwords every 30 seconds for 15 minutes to catch the new password change even faster.
- The Sign In window is now unable to be closed if SignInAlert is set and the user has not signed in at least once.
- The current AD site being used is written out to the preference file.
- Known bad domain controllers can be blocked by listing them as an array of FQDNs in
- A new pref key, DontShowWelcomeDefaultOff, will pre-tick the “Don’t show again” box on the welcome screen so users won’t have to do it themselves when it first appears.
- UseKeychainPrompt will now show the Sign In window whenever the user does not have a password in the keychain, even if the user has signed in before.
- Certs pulled via NoMAD can have eapolclient added to them with the use of the
We thought this would take us a bit longer… but NoMAD now includes a full actions menu which can hold as many “actions” as you’d like. Each action is a customized menu item that can have scripts and other built-in actions behind it. Each item can have multiple actions chained together, plus the ability to show or hide the item and even put red/yellow/green dots next to the items.
This is a fairly robust way of putting as many custom menu items as you’d like into a submenu in NoMAD.
You can read all about it here
This is a minor update to NoMAD mainly to correct some issues with certificate retrieval.
Updates in this release:
- fix for pulling certs too often when GetCertAutomatically is set
- fix for LDAPServerList not working
- remove build numbers from UI since builds are now in version number
If you are not using LDAPServerList or GetCertAutomatically there is not much need to update.
NoMAD 1.1.1 is a minor update to incorporate a few new features and some bug fixes.
- Norwegian and Croatian localizations have been added.
- NoMAD now supports sites with no DCs listed better. NoMAD will fall back on the globally available DCs.
- Better support for < 10.12 systems with the Welcome Screen.
- NoMAD is now developed in Xcode 9 and Swift 3.2.
- MenuFileServers – Sets the menu item title for the File Servers menu.
- UseKeychainPrompt – Boolean – Prompts the user to sign into NoMAD at least once so that the password can be set in the keychain. This is typically used with bound systems and mobile accounts.
- Fix for file shares with spaces.
- MessageUPCAlert – String – Allows you to customize the UPCAlert notification text.
- Fix for expired certificates causing a crash.
- Fix for non-automounted shares not being able to be manually mounted.
- AutoRenewCert – Integer – Key to specify the number of days to go on a cert before automatically renewing it.
- Support for multiple Chrome domains with
We’re excited to announce that NoMAD 1.1 is available! Here’s an overview of what’s changed.
- Shares Menu – this is our biggest new feature since the initial launch of NoMAD almost a year ago. The Shares Menu allows you to provide a number of file shares for your users and mount them as needed based upon group membership and with variable substitution in the URLs.
- Keychain Item syncing – NoMAD will update a collection of Keychain items each time the user changes his or her password in AD.
- 802.1x TLS profiles – NoMAD can associate a user cert from AD with an 802.1x wireless profile.
- Welcome window – first time users of NoMAD can be shown a standard introduction to what NoMAD is, or get a custom HTML page that’s specific for your environment.
- Recursive group lookups – you can specify all groups to be returned, including nested groups. Note that this may increase look up times.
- FirstRunDone – in conjunction with the Welcome window, you can now tell when NoMAD has run for the first time.
- Anonymous LDAP – NoMAD can now be functional in non-AD environments that have anonymous binding.
- Open Directory Support – there is now a specific setting for OD to handle the differences between OD and other forms of LDAP servers.
- Sign In Window changes – the sign in window can be excluded from automatically showing for certain users. This is particularly handy for when you log in to a machine as a local admin and do not want to be pestered by the NoMAD Sign In window constantly popping up. On the other hand, NoMAD can now be configured to make the Sign In window pop to the front of all windows in the Finder on a regular basis for users that either forget to sign in or are actively trying to ignore signing in.
- More user attributes – NoMAD will now record a user’s e-mail address and UPN from his or her AD account and store this in NoMAD’s preference file.
- Fix for High Sierra not updating passwords in AD when changing the password for Mobile Accounts.
- Russian localization
- Some updates to having NoMAD use more of the Kerberos APIs for things like determining which of your current Kerberos tickets is your default.
Please see our knowledge base article on all preferences to see the new ones for 1.1 that can manage these settings.