NoMAD best practice


We're in the process of building a POC Jamf build, we have lots of aspects working well but want to use NoMAD for authentication to central filers and printers.

We use DEP, and the user account creation process takes the LDAP credentials supplied as default to match our AD. NoMAD is then deployed to the device along with a configuration profile/plist for various NoMAD configuration.

I have a reboot in the installation with then kicks NoMAD into the startup process, but the following behaviors are uncertain:

  • Users still need to login to get a kerberos ticket, despite the local credentials matching what should be required. This means they need to sign into NoMAD before they print without supplying a password - annoying. It also makes me assume once the ticket expires, things will stop functioning without regularly going into NoMAD and signing back in.

  • I don't know how long the tickets last for

  • Even when I'm authenticated, NoMAD says Not signed in - but displays the green tick in the icon. There's no option to sign out, just to sign back in.

Any guidance/answers to the above would be most appreciated, as we're extremely keen to get this working well but don;t want ot be reliant on it at all without better understanding/configuration of the product.


Contributor III

This is something I post a lot but only because it's quite helpful. This site has articles to setup exactly what you're looking to do. Also the author and several of the nomad developer hang out in the MacAdmins slack group so they can help with more specific issues. Hope this helps and good luck.