- Jamf Nation Community
- Products
- Jamf Pro
- NoMAD login admin and NoMAD AD Help issue
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
NoMAD login admin and NoMAD AD Help issue
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-11-2020 07:53 AM
Hey folks! We're brand new to JAMF and NoMAD and this has been a heck of a learning curve. We're having two specific problems with NoMAD that I'm hoping someone can look at the plist and just tell me how dumb I am for missing something obvious.
In NoMAD Login I have the account set to become admin but...they aren't.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>ADDomain</key>
<string>our domain</string>
<key>CreateAdminUser</key>
<true/>
<key>DemobilizeUsers</key>
<true/>
<key>KeychainAddNoMAD</key>
<true/>
<key>KeychainCreate</key>
<true/>
<key>KeychainReset</key>
<true/>
<key>LocalFallback</key>
<true/>
<key>Migrate</key>
<true/>
<key>PasswordOverwriteSilent</key>
<true/>
<key>PayloadDisplayName</key>
<string>NoMAD Login</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.F005C7F6-C907-4027-A4D6-14AB3704387A.menu.nomad.login.ad.095158ED-2B5B-4F94-9AE5-ED9F4C89AF03</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>menu.nomad.login.ad</string>
<key>PayloadUUID</key>
<string>095158ED-2B5B-4F94-9AE5-ED9F4C89AF03</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>UseCNForFullNameFallback</key>
<true/>
</dict>
<dict>
<key>ADDomain</key>
<string>our ad</string>
<key>HideAbout</key>
<true/>
<key>HideLockScreen</key>
<true/>
<key>HidePrefs</key>
<true/>
<key>HideQuit</key>
<true/>
<key>HideRenew</key>
<true/>
<key>HideSignOut</key>
<true/>
<key>KerberosRealm</key>
<string>our kerberos</string>
<key>LocalPasswordSync</key>
<true/>
<key>LoginItem</key>
<true/>
<key>PayloadDisplayName</key>
<string>NoMAD</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.F005C7F6-C907-4027-A4D6-14AB3704387A.com.trusourcelabs.NoMAD.C96BFC9D-C833-4217-901D-3B8FDFFBC779</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.trusourcelabs.NoMAD</string>
<key>PayloadUUID</key>
<string>C96BFC9D-C833-4217-901D-3B8FDFFBC779</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>ShowHome</key>
<true/>
<key>SignInWindowOnLaunch</key>
<true/>
<key>UseKeychain</key>
<true/>
<key>UseKeychainPrompt</key>
<true/>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>NoMAD Login</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.F005C7F6-C907-4027-A4D6-14AB3704387A</string>
<key>PayloadOrganization</key>
<string>our org</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>F005C7F6-C907-4027-A4D6-14AB3704387A</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>And in our NoMAD AD settings nothing we set will change the Get Help URL from support.apple.com.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>ADDomain</key>
<string>our ad</string>
<key>CreateAdminUser</key>
<true/>
<key>DemobilizeUsers</key>
<true/>
<key>KeychainAddNoMAD</key>
<true/>
<key>KeychainCreate</key>
<true/>
<key>KeychainReset</key>
<true/>
<key>LocalFallback</key>
<true/>
<key>Migrate</key>
<true/>
<key>PasswordOverwriteSilent</key>
<true/>
<key>PayloadDisplayName</key>
<string>NoMAD Login</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.F005C7F6-C907-4027-A4D6-14AB3704387A.menu.nomad.login.ad.095158ED-2B5B-4F94-9AE5-ED9F4C89AF03</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>menu.nomad.login.ad</string>
<key>PayloadUUID</key>
<string>095158ED-2B5B-4F94-9AE5-ED9F4C89AF03</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>UseCNForFullNameFallback</key>
<true/>
</dict>
<dict>
<key>ADDomain</key>
<string>our domain</string>
<key>GetHelpOptions</key>
<string>our helpdesk url</string>
<key>GetHelpType</key>
<string>URL</string>
<key>HideAbout</key>
<true/>
<key>HideLockScreen</key>
<true/>
<key>HidePrefs</key>
<true/>
<key>HideQuit</key>
<true/>
<key>HideRenew</key>
<true/>
<key>HideSignOut</key>
<true/>
<key>KerberosRealm</key>
<string>our kerberos</string>
<key>LocalPasswordSync</key>
<true/>
<key>LoginItem</key>
<true/>
<key>PayloadDisplayName</key>
<string>NoMAD</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.F005C7F6-C907-4027-A4D6-14AB3704387A.com.trusourcelabs.NoMAD.C96BFC9D-C833-4217-901D-3B8FDFFBC779</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.trusourcelabs.NoMAD</string>
<key>PayloadUUID</key>
<string>C96BFC9D-C833-4217-901D-3B8FDFFBC779</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>ShowHome</key>
<true/>
<key>SignInWindowOnLaunch</key>
<true/>
<key>UseKeychain</key>
<true/>
<key>UseKeychainPrompt</key>
<true/>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>NoMAD</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.F005C7F6-C907-4027-A4D6-14AB3704387A</string>
<key>PayloadOrganization</key>
<string>our org</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>F005C7F6-C907-4027-A4D6-14AB3704387A</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>What on earth are we doing wrong? I've used Profile Creator and just tried manually changing someone else's plist.
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-29-2020 05:16 AM
I managed to discover the issue myself. The long story short is that, for whatever reason, Nomad did not like having all the extraneous stuff in it that Profile Creator throws in. I pared it down to basics and now Nomad AD and Nomad Login are working beautifully. Example below:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>ADDomain</key>
<string>our domain</string>
<key>CreateAdminUser</key>
<true/>
<key>DemobilizeUsers</key>
<true/>
<key>KeychainAddNoMAD</key>
<true/>
<key>KeychainCreate</key>
<true/>
<key>KeychainReset</key>
<true/>
<key>LocalFallback</key>
<true/>
<key>Migrate</key>
<true/>
<key>PasswordOverwriteSilent</key>
<true/>
<key>UseCNForFullNameFallback</key>
<true/>
<key>ADDomain</key>
<string>our ad</string>
<key>HideAbout</key>
<true/>
<key>HideLockScreen</key>
<true/>
<key>HidePrefs</key>
<true/>
<key>HideQuit</key>
<true/>
<key>HideRenew</key>
<true/>
<key>HideSignOut</key>
<true/>
<key>KerberosRealm</key>
<string>our kerberos</string>
<key>LocalPasswordSync</key>
<true/>
<key>LoginItem</key>
<true/>
<key>ShowHome</key>
<true/>
<key>SignInWindowOnLaunch</key>
<true/>
<key>UseKeychain</key>
<true/>
<key>UseKeychainPrompt</key>
<true/>
</array>
</dict>
</plist>