Mac Enterprise Setup

madapaka
New Contributor

Hi,

We're planning to migrate from a mixed environment to a Mac OS X-only shop for a better user experience. Currently, all our non-Mac users can use any workstation they desire and need not worry about documents and stuff (roaming profile via OpenLDAP and NFS). We would like the same functionality for the proposed Mac-only infrastructure (no Microsoft AD please). We used to have Open Directory for our Mac users, but it is very slow and often problematic, which is why we resorted to local accounts for our Mac users, an ugly setup IMO.

I'm thinking of Jamf Pro (On Prem) for device management, but I'm not sure when it comes to centralized user management and roaming profiles. An on-premise solution is highly desirable.

Suggestions are most welcome.

Thanks.


Hugonaut
Valued Contributor II

@madapaka Check out NoMAD & NoMAD Login. You can:

A. Use NoMAD to log in with AD credentials w/o binding the Mac to AD, &
B. Use NoMAD Login to customize the login window.

Some other features are converting the AD account to a local account when the user logs in (it will continue to sync their AD credentials) or simply keeping it mobile. It's open source & free to use. Great tool.

https://nomad.menu/products/

As for files, they don't sync up on every computer. A solution I've used in the past was to create an AppleScript that mounted a share, so the most the end user has to do is log in for the first time, open Self Service & select the "drive" they want to mount. In reality, the policy they are clicking in Self Service is just an AppleScript that mounts the desired drive. Then the user is prompted for a password & in they go.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month
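A sketch of the Self Service mount policy described in the reply above, as an added example that is not part of the original post and not the poster's script. It assumes the share URL arrives as Jamf script parameter 4, that the share is SMB, and that `files.example.internal` is a placeholder for the file server; the URL is checked against an allow-list and no credentials are stored, so the user is prompted at mount time.

```shell
#!/bin/sh
# Added example: mount a share for the logged-in user from a Jamf policy.
# ALLOWED_HOSTS is a constructed placeholder; list the real file servers.
ALLOWED_HOSTS="files.example.internal"

# Accept only smb://<allow-listed host>/<share>. The character class
# rejects '@', ':' and quotes, so a URL cannot carry embedded credentials
# or break out of the AppleScript string it is later placed in.
validate_share_url() {
  _url=$1
  case "$_url" in smb://*) ;; *) return 1 ;; esac
  _rest=${_url#smb://}
  case "$_rest" in *[!A-Za-z0-9._/-]*) return 1 ;; esac
  _host=${_rest%%/*}
  _share=${_rest#*/}
  [ -n "$_host" ] && [ "$_rest" != "$_host" ] && [ -n "$_share" ] || return 1
  case " $ALLOWED_HOSTS " in *" $_host "*) return 0 ;; esac
  return 1
}

# Jamf runs policy scripts as root. Mount in the console user's session
# so the volume belongs to that user and the password prompt reaches them.
mount_for_console_user() {
  _user=$(stat -f%Su /dev/console)
  [ "$_user" != "root" ] && [ "$_user" != "loginwindow" ] || return 1
  _uid=$(id -u "$_user")
  launchctl asuser "$_uid" sudo -u "$_user" \
    osascript -e "mount volume \"$1\""
}

# Jamf reserves $1-$3; $4 is the first custom parameter (assumed here
# to hold the share URL). Only runs on macOS with a URL supplied.
if [ "$(uname)" = "Darwin" ] && [ -n "${4:-}" ]; then
  validate_share_url "$4" || { echo "refusing share URL: $4" >&2; exit 1; }
  mount_for_console_user "$4"
fi
```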

madapaka
New Contributor

Thanks @Hugonaut for responding.

I've had a look at JumpCloud and it appears that it is just creating a local account on every device you bind the said account to. In the past we also tried to use FreeIPA as LDAP authentication for our Macs but encountered some issues regarding the user roaming profile mounted via NFS. Although the user's home directory was automatically mounted upon login, unfortunately some Mac OS X features like Spotlight are not working properly, i.e., unable to search the home directory itself, and Apple Mail search is not working as expected.

Will take a look at NoMAD Login, option B, as suggested, as well as again using FreeIPA as the auth server with Nextcloud for file sharing and home directories.

We don't have any Windows servers in use, which is why I mentioned "no AD please".

Hugonaut
Valued Contributor II

@madapaka you're welcome

I should've been more clear, so you can use NoMAD without NoMAD Login & Vice Versa. Keeping it very brief, just regarding logins,

NoMAD Login without NoMAD will only allow local accounts to sign in, just with a NoMAD Login window.

NoMAD without NoMAD Login will allow local & AD users to log in using the Mac's default login window.

I hope that clears things up. There are a TON of extra features for using both in tandem which is what I recommend you do.
