Category "NoMAD Releases"

This is a minor update to NoMAD mainly to correct some issues with certificate retrieval.

Updates in this release:

  • fix for pulling certs too often when GetCertAutomatically is set
  • fix for LDAPServerList not working
  • remove build numbers from UI since builds are now in version number

If you are not using LDAPServerList or GetCertAutomatically there is not much need to update.

We’re excited to announce that NoMAD 1.1 is available! Here’s an overview of what’s changed.

  1. Shares Menu – this is our biggest new feature since the initial launch of NoMAD almost a year ago. The Shares Menu allows you to provide a number of file shares for your users and mount them as needed based upon group membership and with variable substitution in the URLs.
  2. Keychain Item syncing – NoMAD will update a collection of Keychain items each time the user changes his or her password in AD.
  3. 802.1x TLS profiles – NoMAD can associate a user cert from AD with an 802.1x wireless profile.
  4. Welcome window – first time users of NoMAD can be shown a standard introduction to what NoMAD is, or get a custom HTML page that’s specific for your environment.
  5. Recursive group lookups – you can specify all groups to be returned, including nested groups. Note that this may increase look up times.
  6. FirstRunDone – in conjunction with the Welcome window, you can now tell when NoMAD has run for the first time.
  7. Anonymous LDAP – NoMAD can now be functional in non-AD environments that have anonymous binding.
  8. Open Directory Support – there is now a specific setting for OD to handle the differences between OD and other forms of LDAP servers.
  9. Sign In Window changes – the sign in window can be excluded from automatically showing for certain users. This is particularly handy for when you login to a machine as a local admin and do not want to be pestered by the NoMAD Sign In window constantly popping up. On the other hand, NoMAD can now be configured to make the Sign In window pop to the front of all windows in the Finder on a regular basis for users that either forget to sign in or are actively trying to ignore signing in.
  10. More user attributes – NoMAD will now record a user’s e-mail address and UPN from his or her AD account and store this in NoMAD’s preference file.
  11. Fix for High Sierra not updating passwords in AD when changing the password for Mobile Accounts.
  12. Russian localization
  13. Some updates to having NoMAD use more of the Kerberos APIs for things like determining which of your current Kerberos tickets is your default.

Please see our knowledge base article on all preferences to see the new ones for 1.1 that can manage these settings.

We’re excited to announce the release of NoMAD 1.0.5.

NoMAD 1.0.5 is primarily a maintenance release; however, we’ve fixed a few bugs, made things run a bit faster and have introduced a few new pref keys.

The bigger new features in 1.0.5 are the ability to have an LDAP-only environment where no AD is present and more granular controls on which users will have their password synced locally.

We are also localized in Spanish now, thanks to @lctrkid.

Bug Fixes

– Not really a NoMAD bug, but NoMAD now cleans up klist output on macOS 10.10 that erroneously adds blank spaces for 0 in the issued timestamp.

– NoMAD is now happy to use network-only accounts from AD. Previously NoMAD would only work with mobile accounts.

– NoMAD pre-flights any password changes against the local system now before changing in AD. This ensures that any local password policies won’t prevent the password change from working.

– Significant changes to the password complexity warnings when changing passwords. The pref file will be much less finicky about having all of the complexity types in it. Also a popover will be shown and the user experience generally much better. Thanks to @ludeth for the help here.

– Get Software menu item will now prefer a custom path instead of any self service applications that are found. Previously NoMAD would always go to any of the installed Self Service apps and ignore the custom path.

Pref Keys

ConfigureChromeDomain – String – This will allow NoMAD to configure a domain in Chrome for Kerberos authentication beyond just the AD domain. Set this to your top-level domain that has to do with Kerberos and NoMAD will use that and wildcard any subdomains.

HideGetSoftware – Bool – This will determine if NoMAD shows the Get Software menu or not.

HideSignOut – Bool – This will determine if NoMAD hides the Sign Out menu or not.

LDAPOnly – Bool – Sets NoMAD to just use LDAP instead of treating the remote server as AD. Essentially this just tells NoMAD to not lookup the password expiration information and get the groups in a slightly different way.

LocalPasswordSyncDontSyncLocalUsers – [String] – An array of user names that if they match the current local user, NoMAD won’t synchronize the password regardless of what user logs into AD.

LocalPasswordSyncDontSyncNetworkUsers – [String] – An array of user names; if one of them matches the AD user signing into NoMAD, NoMAD will not synchronize the password.

MenuChangePassword – String – Allows you to override the standard Menu Item text for Change Password.

MenuGetCertificate – String – Allows you to override the standard Menu Item text for Get Certificate.

PasswordExpirationDays – Integer – Allows you to override whatever AD tells you is the standard password reset interval.

PasswordExpireCustomAlert – String – Custom alert to show in the menu bar instead of days to go.

PasswordExpireCustomWarnTime – Integer – Will cause the custom alert to be only shown at a specific threshold, and in yellow.

PasswordExpireCustomAlertTime – Integer – Will cause the custom alert to be only shown at a specific threshold, and in red.

SignOutCommand – String – Path to a script or other binary that you want to execute when a user signs out of NoMAD.

UPCAlertAction – String – Path to a script or binary that you want to execute whenever a UPCAlert is triggered. Pull Request credit to Ryan Jenkins.

Downloads

NoMAD 1.0.5 package installer and zip file are now available in Downloads.

We’re excited to announce the release of NoMAD 1.0.4 today.

This release picks up a few bugs from 1.0.3, adds another localization, gives more options on how to display the password expiration countdown, and then implements a fairly comprehensive new set of password policies. You can find the complete list of issues here.

A few highlights:

  1. Password countdown – If you don’t want to see it, you can hide the password expiration countdown regardless of if the user’s password is set to expire in AD. You can do this via defaults write com.trusourcelabs.NoMAD HideExpiration 1. On the other hand… if you want to see the countdown more often, you can set that as well so that NoMAD will keep the countdown in the menu bar even if the user is not logged into AD. You can set this by defaults write com.trusourcelabs.NoMAD PersistExpiration 1.
  2. UI changes – You can now close all windows with cmd-W, we’d not even realized we weren’t doing that. Now it’s fixed. Also there’s a spinner that shows up when you’re logging in or changing your password. This gives the user some better feedback that something’s going on under the covers.
  3. Spaces in names – You may not have realized, but NoMAD supports users with a space in their short name. I didn’t realize that AD even allowed that, but it does… Now NoMAD supports spaces in the home share as well.
  4. Prompting users to sign in – NoMAD can now put up a Sign In window after launch as soon as the domain is reachable and a user isn’t already signed in. You can use this for prompting your users to sign in after logging into their Mac. Enable this with defaults write com.trusourcelabs.NoMAD SignInWindowOnLaunch 1.
  5. Ignoring password sync – It’s possible to want NoMAD to sync the AD password down onto the local user, but not want that all the time. Now you have two ways of doing this. First you can use the alternative Sign In, by holding down control-option when clicking the NoMAD menu. When signing in this way, no synchronization will be done. You can then sign out, and the original Kerberos credential will be intact. Secondly you can tell NoMAD to only sync passwords when the AD name matches the local user name. Enable this with defaults write com.trusourcelabs.NoMAD LocalPasswordSyncOnMatchOnly 1.
  6. Password policies – This is probably the biggest new feature of 1.0.4. You can now tell NoMAD what your AD password policy is and NoMAD will ensure that’s met before allowing the user to change their password. You can set this policy by defaults write com.trusourcelabs.NoMAD PasswordPolicy -dict minLength 6 minUpperCase 2 minLowerCase 2 minNumber 2 minSymbol 1 and then the user will get red and green dots next to the passwords in the Change Password window. Mousing over the colors will then tell the user exactly what part of the policy the password is not meeting. The Change Password button will only be enabled when the password meets the policy. In addition NoMAD will now ensure the new password can actually be set locally, if you have password syncing enabled, and alert the user that the password isn’t compliant.
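
A sketch of the policy check described in item 6, added here as an illustration and not NoMAD's own code: it evaluates a candidate password against the PasswordPolicy keys from the example command and reports which minimums are unmet, the way the mouse-over feedback does. The function names, the confirm-match rule and the definition of a symbol (ASCII punctuation) are assumptions.

```python
import string

# Policy keys and values as given in the PasswordPolicy example command.
POLICY = {"minLength": 6, "minUpperCase": 2, "minLowerCase": 2,
          "minNumber": 2, "minSymbol": 1}

# Assumption: a "symbol" is any ASCII punctuation character. How NoMAD
# itself classifies symbols is not stated on this page.
SYMBOLS = set(string.punctuation)

# One counting function per policy key.
COUNTERS = {
    "minLength": len,
    "minUpperCase": lambda p: sum(c.isupper() for c in p),
    "minLowerCase": lambda p: sum(c.islower() for c in p),
    "minNumber": lambda p: sum(c.isdigit() for c in p),
    "minSymbol": lambda p: sum(c in SYMBOLS for c in p),
}


def unmet_requirements(password, policy=POLICY):
    """Return {key: (have, need)} for every policy key the password fails.

    The policy may list only some of the keys; values are coerced with
    int() so numbers stored as strings are accepted as well.
    """
    unmet = {}
    for key, need in policy.items():
        if key not in COUNTERS:
            raise ValueError(f"unknown policy key: {key}")
        need = int(need)
        have = COUNTERS[key](password)
        if have < need:
            unmet[key] = (have, need)
    return unmet


def can_change(password, confirm, policy=POLICY):
    """Enable the change only when the policy is fully met.

    Requiring the confirmation field to match is an added assumption.
    """
    return password == confirm and not unmet_requirements(password, policy)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    for candidate in ("abc", "Password1!", "PAssword12!"):
        print(candidate, unmet_requirements(candidate) or "meets policy")
```
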

We’ve also updated the list of preference keys for all of the new 1.0.4 versions.

Keep the feature requests coming, and we’ll keep making NoMAD better!

Lots of customization and some bug fixes.

New Features

— Most every menu item is customizable as to the label and able to be hidden from the user. Check out the preference keys for how to do that.

— Automatic retrieval of x509 certificates if a user doesn’t already have one.

— Localized into French, German and Danish with other languages to come shortly. Many thanks to everyone that helped with this.

— NoMAD now responds to custom urls, so nomad://update will cause NoMAD to update itself. nomad://signin will display the sign in window. More info here.

— Trigger a script on successful password changes.

— The Change Password window now allows you to specify a password complexity policy so the users can be reminded of why their password may not work.

— Option-clicking the menu will now show the current version and build of NoMAD in the menu.

— LDAP over SSL support.

You will find a full list of all the preference keys, including all of the new ones for 1.0.3 here.

Bugs Fixed

— Better handling of bound machines. Previously NoMAD would overwrite your prefs each time it launched.

— If you’re on a .local AD domain we now handle DNS lookups better that were causing the NoMAD menu to be unresponsive.

A full list of tickets addressed in NoMAD can be found here.

Get 1.0.3 at our downloads page.

© 2017 Orchard & Grove Inc.