NoMAD 1.0.4
We’re excited to announce the release of NoMAD 1.0.4 today.
This release picks up a few bugs from 1.0.3, adds another localization, gives more options on how to display the password expiration countdown, and then implements a fairly comprehensive new set of password policies. You can find the complete list of issues here.
A few highlights:
- Password countdown – If you don’t want to see it, you can hide the password expiration countdown regardless of if the user’s password is set to expire in AD. You can do this via
defaults write com.trusourcelabs.NoMAD HideExpiration 1
. On the other hand… if you want to see the countdown more often, you can set that as well so that NoMAD will keep the countdown in the menu bar even if the user is not logged into AD. You can set this bydefaults write com.trusourcelabs.NoMAD PersistExpiration 1
. - UI changes – You can now close all windows with cmd-W, we’d not even realized we weren’t doing that. Now it’s fixed. Also there’s a spinner that shows up when you’re logging in or changing your password. This give the user some better feedback that something’s going on under the covers.
- Spaces in names – You may not have realized, but NoMAD supports users with a space in their short name. I didn’t realize that AD even allowed that, but it does… Now NoMAD supports spaces in the home share as well.
- Prompting users to sign in – NoMAD can now put up a Sign In window after launch as soon as the domain is reachable and a user isn’t already signed in. You can use this for prompting your users to sign in after logging into their Mac. Enable this with
defaults write com.trusourcelabs.NoMAD SignInWindowOnLaunch 1
. - Ignoring password sync – It’s possible to want NoMAD to sync the AD password down onto the local user, but not want that all the time. Now you have two ways of doing this. First you can use the alternative Sign In, by holding down control-option when clicking the NoMAD menu. When signing in this way, no synchronization will be done. You can then sign out, and the original Kerberos credential will be intact. Secondly you can tell NoMAD to only sync passwords when the AD name matches the local user name. Enable this with
defaults write com.trusourcelabs.NoMAD LocalPasswordSyncOnMatchOnly 1
. - Password policies – This is probably the biggest new feature of 1.0.4. You can now tell NoMAD what your AD password policy is and NoMAD will ensure that’s met before allowing the user to change their password. You can set this policy by
defaults write com.trusourcelabs.NoMAD PasswordPolicy -dict minLength 6 minUpperCase 2 minLowerCase 2 minNumber 2 minSymbol 1
and then the user will get red and green dots next to the passwords in the Change Password window.Mousing over the colors will then tell the user exactly what part of the policy the password is not meeting. The Change Password button will only be enabled when the password meets the policy. In addition NoMAD will now ensure the new password can actually be set locally, if you have password syncing enabled, and alert the user that the password isn’t compliant.
We’ve also updated the list of preference keys for all of the new 1.0.4 versions.
Keep the feature requests coming, and we’ll keep making NoMAD better!
Finding forced preferences
Most NoMAD users are pushing preferences via configuration profiles. This is a great thing, but does make troubleshooting a bit tougher as the defaults
command won’t show what keys are forced.
So… have a look at pref-finder
.
Launch the tool and specify a preference domain you want to look at. You’ll be able to see all of the keys for that domain, check just a single key, check if a key is forced, or what most people will use it for, show all forced keys for a particular domain.
pref-finder -d com.trusourcelabs.NoMAD -k LastUser -f -F -a
It has a project page, and can be downloaded here.
Apple Events
NoMAD 1.0.3 responds to a number of Apple Events that you can send it from the CLI and other methods.
Current Actions
- nomad://open – launches the application
- nomad://signin – opens the sign in dialog if the system is on the domain and a user is not already signed in
- nomad://user:pass@signin – causes NoMAD to get a Kerberos ticket for that user and password. If the Keychain is set to be used, this password will be stored in the keychain.
- nomad://update – makes NoMAD update immediately
- nomad://passwordchange – will show the change password window
If you have 1.0.3 or later installed, clicking on any of the above links will cause NoMAD to react. You can also use this from scripts via the “open” command.
open nomad://signin
In a shell script will cause NoMAD to launch, if it isn’t already and then show the sign in window if AD is reachable. This is a pretty handy thing to use at the end of your enrollment workflow to get the user’s password starting to sync.
NoMAD 1.0.3 is out!
Lots of customization and some bug fixes.
New Features
— Most every menu item is customizable as to the label and able to be hidden from the user. Check out the preference keys for how to do that.
— Automatic retrieval of x509 certificates if a user doesn’t already have one.
— Localized into French, German and Danish with other languages to come shortly. Many thanks to everyone that helped with this.
— NoMAD now responds to custom urls, so nomad://update will cause NoMAD to update itself. nomad://signin will display the sign in window. More info here.
— Trigger a script on successful password changes.
— The Change Password window now allows you to specify a password complexity policy so the users can be reminded of why their password may not work.
— Option-clicking the menu will now show the current version and build of NoMAD in the menu.
— LDAP over SSL support.
You will find a full list of all the preference keys, including all of the new ones for 1.0.3 here.
Bugs Fixed
— Better handling of bound machines. Previously NoMAD would overwrite your prefs each time it launched.
— If you’re on a .local AD domain we now handle DNS lookups better that were causing the NoMAD menu to be unresponsive.
A full list of tickets address in NoMAD can be found here.
Get 1.0.3 at our downloads page.