1. Basic Functionality
NoMAD Testing Guide
A checklist for evaluating NoMAD in your environment. This should also give you some ideas about NoMAD deployment and usability scenarios as well.
Start at the beginning by downloading a fresh copy of NoMAD on a fresh Mac. It doesn’t matter if the Mac is bound to AD or not, NoMAD will work either way.
You can find the download here in the Download section of this website.
- Launch NoMAD. The binary is signed as all good applications should be and can be run from any location. The applications’ icon is a Caribou, the most nomadic land mammal in the world.
- If you’re not bound to AD, you’ll be presented with a Preferences window. The only field you need to fill out at this time is the “AD Domain” field at the top.
- If you are not bound to AD you will not see the Preferences window as NoMAD will automatically determine your AD Domain and use that. You can change this later by using the Preferences window or through other means if you would like.
- Once NoMAD has launched you’ll see a triangle icon in the Menu Bar at the top of your screen. If you are not able to reach your AD Domain, you’ll see “Not Connected” next to the icon. If you can reach your domain, you’ll see the same triangle with out any text. Finally, if you already have a Kerberos ticket for the current user, you will see a green check mark in the triangle. The icons are shown below.
- If the icon has “Not Connected” next to it, please sign in to your VPN or otherwise connect to your organization’s network such that your AD Domain Controllers (DCs) are able to be reached by the system running NoMAD. Note that NoMAD will automatically detect when the network has changed and will update accordingly.
- Once connected you can sign in to NoMAD if you do not have a green check mark in the NoMAD icon in the menu bar. Do this by using the “Sign In” option on the menu. Note that if you’re unable to contact the DCs, you won’t be able to use the “Sign In” menu item.
- This will activate the Sign In window where you can sign in as an AD user. You are more than welcome to use just the user’s short name, or their full email@example.com handle. Note there is no need to enter the NT Domain before the user name.
- Upon successful authentication you will now have a Kerberos TGT for that AD user and will be able to sign in to all Windows SSO resources which may include websites, file servers and some applications.
- If your user has a password expiration policy, the number of days until that user’s password expires will be shown on the menu bar next to the NoMAD icon and on the second line of the NoMAD menu itself. If the user does not have an expiration date, then no text will be next to the NoMAD icon and the second line of the NoMAD menu will show “Password does not expire.
- To remove your SSO credentials you can use the “Sign Out” menu item.