NoMAD - Automatic Login

New Contributor III

Hi everyone,

We have NoMAD running in our environment. Currently, whenever a machine finishes DEP, we have to launch NoMAD from Applications, then log in with the user's credentials.

For new users, their local account credentials match their credentials in AD. Is there a way to make NoMAD log in when it's launched, if the current user and password match what's in AD?

Here's our plist for reference:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
<dict>
    <key>ADDomain</key>
    <string>xxxxxxxx</string>
    <key>DontMatchKerbPrefs</key>
    <true/>
    <key>DontShowWelcome</key>
    <true/>
    <key>GetHelpOptions</key>
    <string>xxxxxxxxxx</string>
    <key>GetHelpType</key>
    <string>URL</string>
    <key>HideLockScreen</key>
    <false/>
    <key>HidePrefs</key>
    <true/>
    <key>HideQuit</key>
    <true/>
    <key>HideRenew</key>
    <true/>
    <key>HideSignOut</key>
    <true/>
    <key>KerberosRealm</key>
    <string>xxxxxxx</string>
    <key>LocalPasswordSync</key>
    <true/>
    <key>LocalPasswordSyncDontSyncLocalUsers</key>
    <array>
        <string>csadmin</string>
    </array>
    <key>LoginItem</key>
    <true/>
    <key>MessagePasswordChangePolicy</key>
    <string>Your password requires minimum 9 characters and must contain 3 from the following 4 categories: Uppercase, lowercase, numbers, symbols.</string>
    <key>PasswordPolicy</key>
    <dict>
        <key>minLength</key>
        <string>9</string>
        <key>minLowerCase</key>
        <string>1</string>
        <key>minMatches</key>
        <string>3</string>
        <key>minNumber</key>
        <string>1</string>
        <key>minSymbol</key>
        <string>1</string>
        <key>minUpperCase</key>
        <string>1</string>
    </dict>
    <key>PersistExpiration</key>
    <true/>
    <key>RenewTickets</key>
    <string>1</string>
    <key>SecondsToRenew</key>
    <string>7200</string>
    <key>SelfServicePath</key>
    <string>/Applications/Self</string>
    <key>ShowHome</key>
    <string>0</string>
    <key>SignInWindowOnLaunch</key>
    <string>1</string>
    <key>Template</key>
    <string>User Auth</string>
    <key>UPCAlert</key>
    <true/>
    <key>UseKeychain</key>
    <true/>
    <key>Verbose</key>
    <string>0</string>
    <key>X509CA</key>
    <string>xxxxxxxx</string>
</dict>
</plist>



As I understand it, since you're using keychain authentication to keep passwords in sync, the user will still need to authenticate to NoMAD once to store their password in the keychain. If you didn't have that preference set, NoMAD would automatically get their Kerberos ticket from AD and sign them in automatically.

Contributor III

I think what you may be looking for is the NoMAD Launch Agent.


@float0n is correct. We use NoMAD, and with the keychain sync setup you'll need to enter credentials into the dialog box to save them. Additionally, like @walt linked to, we also force the launch of NoMAD using a launch agent, so if it's ever closed, either on purpose or not, it will relaunch right away.

I don't think you're going to be able to automate the login process, and even if you are, I'm not sure it would work 100% of the time.
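
For reference, a launch agent of the kind described in the replies above could look like the following. This is an added example, not part of the original thread and not NoMAD's own shipped file; the label, the file name and the install path /Applications/NoMAD.app are assumptions to adjust for your deployment.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Example only. Assumed location: /Library/LaunchAgents/com.example.nomad.keepalive.plist,
     owned by root:wheel with mode 644 so that users cannot modify what launchd runs. -->
<plist version="1.0">
<dict>
    <!-- Hypothetical label; it must be unique on the machine. -->
    <key>Label</key>
    <string>com.example.nomad.keepalive</string>

    <!-- Assumed install path of the NoMAD binary. -->
    <key>ProgramArguments</key>
    <array>
        <string>/Applications/NoMAD.app/Contents/MacOS/NoMAD</string>
    </array>

    <!-- Start NoMAD as soon as the agent is loaded at user login. -->
    <key>RunAtLoad</key>
    <true/>

    <!-- Have launchd restart NoMAD whenever the process exits,
         whether the user quit it or it crashed. -->
    <key>KeepAlive</key>
    <true/>

    <!-- Load only in graphical (Aqua) user sessions, not at the login window
         or in SSH sessions. -->
    <key>LimitLoadToSessionType</key>
    <array>
        <string>Aqua</string>
    </array>
</dict>
</plist>
```

With an agent like this handling launch, the LoginItem preference in the NoMAD plist is redundant. The agent only keeps the app running; with UseKeychain set, the first sign-in still has to be entered by the user.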

New Contributor

It may be worth looking into NoMAD Login. I have seen that in their next release they hope that NoMAD Login and NoMAD can have a handshake, and then the user only has to log in once.