NoMAD Open Source


Lose the bind!

While NoMAD can be a great tool to help users bound to Active Directory, its main purpose is to help move your Macs off binding to AD while still getting all of the functionality. Keep your users on local accounts and let NoMAD manage their interaction with AD by allowing them to sign in with their AD account to get Kerberos tickets, certificates for 802.1X connections and other functions without having to have a mobile account.

If you’re unsure if not binding is right for you, allow NoMAD to help you make the transition as all of NoMAD’s features work while bound as well. This way you, the admin, can migrate your systems when you’re ready and your users have the same experience.

Single Sign On

NoMAD allows for full Kerberos authentication for users using their AD passwords. NoMAD will let your users know when their password is about to expire and also allow them to securely change it from their Mac. It even lets them know how complex of a password they need to have. All of this to save you from minor help desk tickets that drag down your support team.

Password Synchronization

The most common use of NoMAD is to sync the user’s password from AD to their local account. NoMAD can ensure that a user’s AD account password is pushed down to their account on their Mac. And of course we make sure that the FileVault and Keychain passwords are synchronized as well! In addition NoMAD can watch for if the AD passsword was changed outside of the Mac and alert the user to the password change. The user can then put in their new password and synchronize everything up again.

Admin’s Helper

Just helping you out with fewer tickets would be great, but NoMAD will do a number of other admin functions to make youre life easier. NoMAD will let you know what AD groups a user may be a member of, this is handy for any scripts you may have that leverage group membership. NoMAD will let you know when the users 802.1X cert is going to expire and even get them a new one if you want.

Other Features

  • Use Active Directory credentials for single sign-on to all services using Kerberos authentication.
  • Automatic renewal of Kerberos tickets according to preferences for your environment.
  • In-menu lock screen trigger for macOS.
  • Automatic and manual retrieval of X509 identities from existing Windows Certificate Authorities.
  • One click access to Jamf Pro and other self-service applications if installed.
  • One click access to creating a Bomgar chat session with a help desk operative, and other support options.
  • Allowing Admins to push one-line CLI commands that show up as a menu item in NoMAD.
  • Allowing Admins to specify LDAP servers to use instead of looking them up via SRV records.
  • Syncing your AD password to your local account, including keeping the user’s local keychain and FileVault passwords in sync.
  • Warning Users about impending password expirations.
  • Single sign-on access to the user’s Windows home directory.
  • Fully AD site aware.
  • Scripts that can be triggered on network change and sign in.
  • Enabling Admins to specify alternate methods of changing passwords without using AD such as through password change portals.

© 2017 Orchard & Grove Inc.