Register Here for Our New NoMAD Login Webinar

Join Head of Engineering Josh Wisenbaker as he walks you through our new open source product NoMAD Login.  You’ll learn how to use NoMAD Login to create customized workflows including just-in-time user creation, mobile account de-mobilization, FileVault enablement at first login with APFS file systems and more.

Click on the links below to register for your preferred time.

Monday, February 26 at 3 p.m. CT

Tuesday, February 27 at 7 a.m. CT 


NoMAD 1.1.1 Released!

NoMAD 1.1.1 is a minor updated incorporate a few new features and some bug fixes.

  • Norwegian and Croatian localizations have been added.
  • NoMAD now supports sites with no DCs listed better. NoMAD will fall back on the globally available DCs.
  • Better support for < 10.12 systems with the Welcome Screen.
  • NoMAD is now developed in Xcode 9 and Swift 3.2.
  • MenuFileServers – Sets the menu item title for the File Servers menu.
  • UseKeychainPrompt – Boolean – Prompts the user to sign into NoMAD at least once so that the password can be set in the keychain. This is typically used with bound systems and mobile accounts.
  • Fix for file shares with spaces.
  • MessageUPCAlert – String –  Allows you to customize the UPCAlert notification text.
  • Fix for expired certificates causing a crash.
  • Fix for non-automounted shares not being able to be manually mounted.
  • AutoRenewCert – Integer – Key to specify the number of days to go on a cert before automatically renewing it.
  • Support for multiple Chrome domains with ConfigureChromeDomain.

NoMAD 1.1 Keychain Update options

Note: this has been updated as of NoMAD 1.1 build 734 beta to reflect the new dictionary of items.

What are Keychain Updates?

New in the NoMAD 1.1 Beta is the ability to update keychain items when a user changes their password.

Currently this is listed as a dictionary of keychain item names and account pattern pairs. NoMAD will look for these items in your keychain that have an account name that matches a search pattern. It will then update the item with the new password.

We expect there to be a lot of special casing here, so please investigate what items you’d like to change and if you need additional features.


Currently NoMAD can handle 6 different variables that you can use to create the account pattern match. These are domain, fullname, serial, shortname, upn, and email. You can build search patterns from all of these and mix with static characters. The variables are set off by << >>. For example the pattern <<shortname>> would expand to the AD shortname of the user followed by

If an attribute is unavailable for a user it will default to blank. So <<email>> for a user with no e-mail address defined in AD will expand to “”. This may not be ideal, so please let us know if this doesn’t fit your needs.

How to make it work

First you’ll need to add an array of keychain item names

defaults write com.trusourcelabs.NoMAD KeychainItems -dict 'test1' '"<<upn>>"'

Note the single then double quotes to properly escape the <<>> characters in that command.

Now change your password in NoMAD v. 1.1(732) or later.


New in 1.1(732) and later is the keychainItemsDebug flag that will provide more verbose output to the logs and attempt to update passwords everytime you sign in through the sign in window. This should make it much easier to determine what will be updated. Plus additional logging will be done of what items will be changed.

Keychain item example

In the keychain item below, the “Name” is what you add to the array in the NoMAD defaults. The “Account” field will need to match the substitution pattern for that item.


We know that this current methodology won’t always line up with what you may need, as such we’d love to hear from you as to how to make this better. In particular it’s quite possible that your user’s UPN doesn’t match up with the accounts in the Keychain Item. Please let us know on GitLab or the #nomad Slack channel.