- Jamf Nation Community
- Products
- Jamf Pro
- Re: NoMAD Login Question - Account Creation Issue
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
NoMAD Login Question - Account Creation Issue
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-01-2019 04:11 PM
Working on getting NoMAD and NoMAD login to work correctly, and had a question. Users are able to login with NoMAD Login, and the local account is being created. However, I've noticed that when I look at the local accounts on the Mac, the actual User Name is not being displayed. In other words, under Current User, I see a blank space where I would normally see the account name. Looking at Advanced Options for that account, the "Full Name" field is blank. Any ideas on how I can get that populated when the account is created by NoMAD Login?
Thanks!
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-01-2019 04:59 PM
@ukdboyd Are you using AD and do your AD accounts have givenName and sn attributes populated? NoMAD Login by default will use those two attributes, set them as firstName/lastName variables, and then set the local account full name by adding firstName + lastName.
If you aren't using those attributes, try creating or filling them out for a test user, and then create a local account with NoMAD Login. Full name should then be created as expected.
If you don't populate those today and don't plan to in the future, you could try using cn as full name instead. When poking around the code I found a new preference named UseCNForFullName. Could set that to true and then try again. Since every account has to have a cn that might work for you. Not sure what version that preference made it into, but definitely make sure you're using the latest. As of writing this believe that's 1.3.0.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-23-2019 09:01 AM
Every user that logs in is an admin... any advice on how to stop this?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-23-2019 09:11 AM
Here are the NoMAD Login Preferences - you can play around with them, but you can see that there is a CreateAdminUser boolean. Change that.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-23-2019 09:12 AM
@tdclark I've been through that so many times. I am not sure what I am doing wrong though. Below are my prefs:
!/bin/bash
domain=""
background_image="/private/var/tmp/DarkGrey.jpg"
background_image_alpha="0"
keychain_add="YES"
logo="/private/var/tmp/logo-white-trans.png"
login_screen="YES"
admin="False"
userplaceholder="Collegiate username"
Set default AD domain
defaults write /Library/Preferences/menu.nomad.login.ad.plist ADDomain "$domain"
Set background image
defaults write /Library/Preferences/menu.nomad.login.ad.plist BackgroundImage "$background_image"
Set background image transparency
defaults write /Library/Preferences/menu.nomad.login.ad.plist BackgroundImageAlpha -int "$background_image_alpha"
Set login window logo
defaults write /Library/Preferences/menu.nomad.login.ad.plist LoginLogo "$logo"
Username placeholder
defaults write /Library/Preferences/menu.nomad.login.ad.plist UsernameFieldPlaceholder -string "$userplaceholder"
Enable user as admin
defaults write /Library/Preferences/menu.nomad.login.ad.plist CreateAdminUser -bool "$admin"
Enable or disable login screen
defaults write /Library/Preferences/menu.nomad.login.ad.plist LoginScreen -bool "$login_screen"
Adds a NoMAD entry into the keychain
defaults write /Library/Preferences/menu.nomad.login.ad.plist KeychainAddNoMAD -bool "$keychain_add"
Should NoLo create a Keychain if none exists
defaults write /Library/Preferences/menu.nomad.login.ad.plist KeychainCreate -bool "$keychain_add"
Set security authorization database mechanisms with authchanger
/usr/local/bin/authchanger -reset -AD
Kill loginwindow process to force NoMAD Login to launch
/usr/bin/killall -HUP loginwindow
exit 0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-23-2019 12:07 PM
CreateAdminUser
This key is sent in the NoLoAD defaults domain. If set to YES then any local user created at login will be placed into the local admin group and therefore be a local administrator on the Mac. If set to NO, or if the key is omitted, then local user creation will default to non-administrative accounts.
I haven't really played with that key, my users are admins until they lose that privilege, so I'm just repeating what I found. Maybe at the end of your script echo the created username and use dscl to lower their rights... not sure if that would work or not... or run a script after log in which does that... hmm... there's probably a way my brain is just fried today.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-23-2019 12:09 PM
@tdclark I was going to go with a script to run after to change that item since I've tried this many different ways and it just keeps creating admins. I just wanted to try and avoid anything extra. Thanks!
