NoMAD with NoMAD Login

I would definitely move to the configuration profile. If you need help creating one check out ProfileCreator. It's a great tool to create profiles and it has a NoMAD?/NoMAD Login settings helper built in.

You can make one by hand by creating a plist file like this

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>ADDomain</key>
    <string>my.domain</string>
    <key>BackgroundImage</key>
    <string>/path/to/some/image.png</string>
    <key>UsernameFieldPlaceholder</key>
    <string>Something witty</string>
    <key>CreateAdminIfGroupMember</key>
    <array>
        <string>group1</string>
        <string>group2</string>
        <string>group3</string>
    </array>
    <key>LoginLogo</key>
    <string>/path/to/some/logo.png</string>
    <key>LoginScreen</key>
    <true/>
</dict>
</plist>

I created a new config profile in the jamf server and uploaded the plist in the "Custom Settings" payload. The Preference domain is menu.nomad.login.ad

That tool looks pretty cool. Am I missing something, or does it not have any sort of executable/app in there? I went to use it, and there's simply nothing to use.

It's in the releases tab at the top of the page.

Here you go! Linky!

@cmudgeUWF What did you download? I went to the Releases tab and downloaded the latest beta version. The DMG I pulled down has the app in it.

Outside of using something like this, which is cool, you could also look at tools like mcxToProfile.py from Tim Sutton. It hasn't been updated in a while, but that's likely because it hasn't needed one. It's a python script/tool that let's you take a configured plist file on your Mac and turn it into a deployable Configuration Profile. Since you've already got a lot of the commands to write the NoMAD menu values into a plist file, you could just create the plist and make it into a profile with that.

Guess I'm not well-versed enough on GitHub (or I'm just used to scripts). I see the releases now. Thanks guys. Let me take a look at this real quick to see what I can do.

Alright, so I built the mobileconfig file and uploaded it to JAMF, but upon attempting to apply it, my test machine failed. I'm not sure why....

Ok, so I exported my plist on a machine that has a decent operational setup, and added it to a config profile to apply at the user level for NoMAD. However, when NoMAD launches for a new user, it has no configurations at all. I'm stumped.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>ADDomain</key>
        <string>domain.domain.domain</string>
        <key>FirstRunDone</key>
        <true/>
        <key>KerberosRealm</key>
        <string>DOMAIN.DOMAIN.DOMAIN</string>
        <key>LastPasswordWarning</key>
        <real>1296000</real>
        <key>LocalPasswordSync</key>
        <true/>
        <key>SignInWindowOnLaunch</key>
        <true/>
        <key>SignedIn</key>
        <false/>
        <key>UPCAlert</key>
        <true/>
        <key>UseKeychain</key>
        <true/>
com.trusourcelabs.NoMAD.plist

@cmudgeUWF User level profiles are not recommended in most cases. Try computer level instead. Your profile there looks fine at first glance though I'm not sure why there's an extra line at the bottom with domain.

Spamming my own blog here, but I have a few posts I think you'll find useful.

Using NoMAD Login With Jamf DEP Workflows
Integrating NoMAD and NoLo to Auto Sign In

Let me know if something isn't covered there.

Yeah I'm still not following why it's not working. I added the following to my login window script:

defaults write /Library/Preferences/menu.nomad.login.ad.plist KeychainAddNoMAD -bool "$keychain_add" defaults write /Library/Preferences/menu.nomad.login.ad.plist KeychainCreate -bool "$keychain_add" /usr/local/bin/authchanger -reset -AD

I logged in as a new user, and I'm still getting prompted. There's nothing passed off to NoMAD once logged in. Even after the update://nomad command, I still got nothing.

@cmudgeUWF Are you including the $keychain_add variable in your script? Otherwise you'll want to run the defaults commands as...

#!/bin/bash

defaults write /Library/Preferences/menu.nomad.login.ad.plist KeychainAddNoMAD -bool TRUE
defaults write /Library/Preferences/menu.nomad.login.ad.plist KeychainCreate -bool TRUE

Or you can do...

#!/bin/bash

keychain_add="TRUE"

defaults write /Library/Preferences/menu.nomad.login.ad.plist KeychainAddNoMAD -bool "$keychain_add"
defaults write /Library/Preferences/menu.nomad.login.ad.plist KeychainCreate -bool "$keychain_add"

Can also check that preference domain to see if keys are getting set correctly.

defaults read /Library/Preferences/menu.nomad.login.ad.plist

I'm redoing my test environment real quick, but this is what the script looks like now in total:

#!/bin/bash

AD_domain="domain.domain1.domain2"
BackgroundImage="/BlueLogo.jpg"
LoginLogo="/logo.png"
EULA="Lots of EULA language"
EULA_Title=" Computing Resources Usage Agreement"
Admin_Groups="<Tech Support, Domain Admins>"
Placeholder="username@domain.domain1"

# Write default AD domain
defaults write /Library/Preferences/menu.nomad.login.ad.plist ADDomain "$AD_domain"
defaults write /Library/Preferences/menu.nomad.login.ad.plist BackgroundImage "$BackgroundImage"
defaults write /Library/Preferences/menu.nomad.login.ad.plist LoginLogo "$LoginLogo"
defaults write /Library/Preferences/menu.nomad.login.ad.plist EULAText "$EULA"
defaults write /Library/Preferences/menu.nomad.login.ad.plist EULATitle "$EULA_Title"
defaults write /Library/Preferences/menu.nomad.login.ad.plist CreateAdminIfGroupMember -array 'Tech Support' 'Domain Admins'
defaults write /Library/Preferences/menu.nomad.login.ad.plist UsernameFieldPlaceholder "$Placeholder"
defaults write /Library/Preferences/menu.nomad.login.ad.plist KeyChainAddNoMAD -bool "true"
defaults write /Library/Preferences/menu.nomad.login.ad.plist KeychainCreate -bool "true"
defaults write /Library/Preferences/menu.nomad.login.ad.plist BackgroundImageAlpha "40"

# Backup existing security authdb settings
#security authorizationdb read system.login.console > /private/tmp/evaluate-mechanisms/console.bak

# Write NoMADLoginAD security authdb mechanisms
#security authorizationdb write system.login.console < /private/tmp/evaluate-mechanisms/console-ad

#Use authchanger
/usr/local/bin/authchanger -reset -AD

# Find loginwindow processes and kill if any exist
if pgrep loginwindow; then 
    killall -HUP loginwindow
fi

exit 0

#!/bin/bash

AD_domain="doamin.domain1.domain2"
Realm="DOMAIN.DOMAIN1.DOMAIN2"

# Write default AD domain
defaults write com.trusourcelabs.NoMAD ADDomain -string "$AD_domain"
defaults write com.trusourcelabs.NoMAD KerberosRealm -string "$Realm"
defaults write com.trusourcelabs.NoMAD UseKeychain -bool "true"
defaults write com.trusourcelabs.NoMAD SignInWindowOnLaunch -bool "true"
defaults write com.trusourcelabs.NoMAD UPCAlert -bool "true"
defaults write com.trusourcelabs.NoMAD UseKeychainPrompt -bool "true"


exit 0

When I looked at the com.trusourcelabs.NoMAD.plist file in Terminal, it only had 'Realm = "" ' in it. I'll do a fresh test for you to get a little better results.

Anyone have information or know where to get it for customizing the nomad login window? I am trying to get the area around the fields to have a background or a different color. I am able to change the full background behind the login window and add a logo, but cannot edit the window itself.

@achristoforatos

Good stuff here:

GitLab information on NoMAD: https://gitlab.com/orchardandgrove-oss/NoMADLogin-AD/wikis/home

NoMAD build and concepts can be found here from Jamf User Conference: https://www.youtube.com/watch?v=dImloxKIb0o

NoMAD Home: https://nomad.menu/

the information at the links shoudl sum it up for you.