We’ve now added the full NoMAD family to the webpage and made it much easier to understand the differences between the products. All of the help pages and all of the links you may have been using should still go to the same places, although we will be moving the entire help section in the future as we create separate landing pages for each product.
Overall, this release is a mix of small tweaks and some bug fixes, in particular to automatic cert generation and keychain item handling. If you’re using NoMAD to pull certs, this would be a good update to do; otherwise most of the other changes are more minor.
Most of the changes are non-UI based. The biggest impact to the users may be the icon change when clicking on the icon, as we use the dark icon to invert when clicked on. If you’re using custom icons, make sure you’ve set the dark ones as well to allow for this inversion.
We hope to address our longest running issue, the lack of a Kerberos domain being set, when attempting to change a password for the first time. With 1.1.4 we will now write out a preference file to ~/Library/com.apple.Kerberos.plist with your AD domain as soon as NoMAD is launched for the first time.
An additional long-running issue is also addressed in that using the TitleSignIn key will work more consistently.
As mentioned above, if you’re using NoMAD to automatically pull certs, this would be a good update to install as a number of issues have been fixed.
– fix for Sign In window not fully displaying
– About menu now in menu
– icon now alternates when clicking on the NoMAD icon in the menu bar
– icon alternates correctly when in dark mode
– Kerberos preferences written out on first launch to further prevent the “Domain not found” error when changing passwords
– Certificate expiration computed better, and won’t crash on an already expired cert
– Automatically getting certs won’t cause a massive amount of certs to be generated
– Certificate cleaning will only happen if asked
– User password in the keychain will be looked for in many ways to ensure that the user name case isn’t an issue
– better defaults printing in the logs with -prefs
– fix for Sign In Window title not showing correctly when forced
– better handling of when all DCs in a site go down
– action menu fixes to correct actionTrue and to allow for custom titles and red/yellow/green icons
– ability to get custom list of attributes from AD
– better handling of shares in the Shares Menu when switching users
– AppleScript Support
– Option to always make the current local user the primary Kerberos ticket
– Minor update to German localization
– Option to auto-mount shares via the Finder
– Write out current domain controller to NoMAD preferences
Join Head of Engineering Josh Wisenbaker as he walks you through our new open source product NoMAD Login. You’ll learn how to use NoMAD Login to create customized workflows including just-in-time user creation, mobile account de-mobilization, FileVault enablement at first login with APFS file systems and more.
Click on the links below to register for your preferred time.
Monday, February 26 at 3 p.m. CT
Tuesday, February 27 at 7 a.m. CT
Joel Rennich, Founder, NoMAD
This is Joel Rennich, founder of NoMAD.
You may know him as the boisterous blonde guy at Mac conferences who worked at Apple for 11 years and started AFP548.com decades ago.
At Orchard & Grove, we know him as the brain (and the boss), who generates huge, brilliant thoughts about Macs in the enterprise — but has trouble finding his sunglasses.
Like Carrie, the NoMAD caribou mascot, Joel is fairly nomadic. He’s lived in Switzerland, Illinois, D.C., California, and Texas (so far). His work keeps him traveling a lot. In fact, he just earned the 2 million lifetime miles swag from American Airlines. He’s spent most of his adult life on the road talking to companies and organizations about how they can make Mac products work best in their environments. He’s extremely passionate about his work, and NoMAD is his second baby (but don’t tell his son that).
Leaving Apple wasn’t an easy choice, but in his new career he’s never far from the “AppleVerse.”
“I enjoy the freedom to explore the projects I really want to do — and the significant decrease in conference calls,” he says. “But what I didn’t realize when I started Orchard & Grove is that the engineering is the easy part of the job. The amount of overhead and paperwork that is required in order to run a small company is annoyingly difficult.”
Which is why he has hired a small team of experts who have his back. We’ll highlight a team member each month, so you can get to know us better. Because to know us is to love us, right?
by Josh Wisenbaker, Head of Engineering
As we have been pushing to the initial 1.0 release of NoMAD Login AD, a surprising topic has come up quite a bit. Many admins are asking what the differences are between the different types of user accounts on macOS. By account type, we aren’t talking about the difference between an admin and user, but between local, network, or mobile. All of these account types have existed on macOS for a long time, but there are still many nuances that can trip you up at first.
The NoMAD product line knows how to deal with these account types in order to keep things moving along in your deployment. In light of some of the confusion that is out there about what makes each account type unique, we’ve prepared a quick primer on them. Each of these sections describes the different sort of user accounts that you can have on macOS and features that are unique to each of them.
This started off as a smaller update, then got bigger…
Some cool new features, a few bug fixes, and then a big new feature that we know will evolve some over time. In addition, NoMAD is now all in Swift 4 and all the warnings in Xcode are gone. You can thank Josh for that work.
- Fewer password prompts when updating keychain items. In fact… you should have no password prompts.
- We dug deep into Kerberos and should have squashed the annoying “Domain not set” issue when attempting to change your password through NoMAD for the first time.
- Recursive group search works with “,” in user names.
- Allow for both an expired AD password and a non-matching local password at the same time.
- Better handling of the current date when looking for UPC alerts. This should minimize erroneous UPC Alerts.
- Better handling of when your SSL Cert template doesn’t actually exist on the Windows CA.
- Match any keychain item account for updates with
- When using UPCAlerts and a URL for the password change type, NoMAD will check for new passwords every 30 seconds for 15 minutes to catch the new password change even faster.
- The Sign In window is now unable to be closed if SignInAlert is set and the user has not signed in at least once.
- The current AD site being used is written out to the preference file.
- Known bad domain controllers can be blocked by listing them as an array of FQDNs in
- A new pref key, DontShowWelcomeDefaultOff, will pre-tick the “Don’t show again” box on the welcome screen so users won’t have to do it themselves when it first appears.
- UseKeychainPrompt will now show the Sign In window whenever the user does not have a password in the keychain, even if the user has signed in before.
- Certs pulled via NoMAD can have eapolclient added to them with the use of the
We thought this would take us a bit longer… but NoMAD now includes a full actions menu which can hold as many “actions” as you’d like. Each action is a customized menu item that can have scripts and other built in actions behind it. Each item can have multiple actions chained together plus the ability to show or hide the item and even put red/yellow/green dots next to the items.
This is a fairly robust way of putting as many custom menu items as you’d like into a submenu in NoMAD.
You can read all about it here
This is a minor update to NoMAD mainly to correct some issues with certificate retrieval.
Updates in this release:
- fix for pulling certs too often when GetCertAutomatically is set
- fix for LDAPServerList not working
- remove build numbers from UI since builds are now in version number
If you are not using LDAPServerList or GetCertAutomatically there is not much need to update.
NoMAD 1.1.1 is a minor update incorporating a few new features and some bug fixes.
- Norwegian and Croatian localizations have been added.
- NoMAD now supports sites with no DCs listed better. NoMAD will fall back on the globally available DCs.
- Better support for < 10.12 systems with the Welcome Screen.
- NoMAD is now developed in Xcode 9 and Swift 3.2.
- MenuFileServers – Sets the menu item title for the File Servers menu.
- UseKeychainPrompt – Boolean – Prompts the user to sign into NoMAD at least once so that the password can be set in the keychain. This is typically used with bound systems and mobile accounts.
- Fix for file shares with spaces.
- MessageUPCAlert – String – Allows you to customize the UPCAlert notification text.
- Fix for expired certificates causing a crash.
- Fix for non-automounted shares not being able to be manually mounted.
- AutoRenewCert – Integer – Key to specify the number of days to go on a cert before automatically renewing it.
- Support for multiple Chrome domains with
We’re excited to announce that NoMAD 1.1 is available! Here’s an overview of what’s changed.
- Shares Menu – this is our biggest new feature since the initial launch of NoMAD almost a year ago. The Shares Menu allows you to provide a number of file shares for your users and mount them as needed based upon group membership and with variable substitution in the URLs.
- Keychain Item syncing – NoMAD will update a collection of Keychain items each time the user changes his or her password in AD.
- 802.1x TLS profiles – NoMAD can associate a user cert from AD with an 802.1x wireless profile.
- Welcome window – first time users of NoMAD can be shown a standard introduction to what NoMAD is, or get a custom HTML page that’s specific for your environment.
- Recursive group lookups – you can specify all groups to be returned, including nested groups. Note that this may increase look up times.
- FirstRunDone – in conjunction with the Welcome window, you can now know when NoMAD has run for the first time.
- Anonymous LDAP – NoMAD can now be functional in non-AD environments that have anonymous binding.
- Open Directory Support – there is now a specific setting for OD to handle the differences between OD and other forms of LDAP servers.
- Sign In Window changes – the sign in window can be excluded from automatically showing for certain users. This is particularly handy for when you log in to a machine as a local admin and do not want to be pestered by the NoMAD Sign In window constantly popping up. On the other hand, NoMAD can now be configured to make the Sign In window pop to the front of all windows in the Finder on a regular basis for users that either forget to sign in or are actively trying to ignore signing in.
- More user attributes – NoMAD will now record a user’s e-mail address and UPN from his or her AD account and store this in NoMAD’s preference file.
- Fix for High Sierra not updating passwords in AD when changing the password for Mobile Accounts.
- Russian localization
- Some updates to having NoMAD use more of the Kerberos APIs for things like determining which of your current Kerberos tickets is your default.
Please see our knowledge base article on all preferences to see the new ones for 1.1 that can manage these settings.