NoMad not logging in from drop down

New Contributor III

Hello all,
I've gone through a few articles on this and can't seem to get past a problem I'm seeing.

This thread was helpful.

However, the issue I'm seeing is I am unable to login from the drop down menu. It doesn't show as not connected once I connect to our VPN, but it never indicates that there is a kerberos ticket in the icon. When I attempt to log in, it takes my credentials and disappears but never changes the icon or changes the context menu.

The test Mac is not AD bound currently and I've read from here that in this scenario, all that's needed is to enter the domain name:
This I've pushed through a config profile and can see it populated under preferences.

Any hints on how to troubleshoot this next? Thanks.


Contributor III

remove all config profiles and settings and try to do it all from the stock app. it should auto detect your domain (you may have to enter your username as name@domain.suffix) and let you sign in.

Contributor III

Nomad uses DNS to discover domain controllers and sites but more and more shops limit which domain controllers a given network can talk to at all. Talk to your network/AD people first and ask them if they’re doing that. If so, you can specify which DCs and KDCs nomad should talk to with some additional managed preferences.

New Contributor III

Removing the profile just prompts me to fill out all of the preferences on first login. This is not an AD bound machine.

This is over VPN, but the traffic for this Mac should be allowed, its no different than any other end user machine on that VLAN. All VPN traffic is on its own VLAN.

I did attempt to push a configuration profile with just the domain and KDC, however, it didn't seem to help and still wouldn't connect.

New Contributor III

More details, when I use no password to log into Nomad, it will give me an authentication error. When I use my correct credentials, it will disappear, however the icon never turns green and I change password and other Nomad menu items are grayed out.

New Contributor III

In case anyone else has this issue, I'll post what it was.

So I decided to add my test Mac to the domain. It auto-populated the domain kerberos realm. Turns out, I originally had them set in lowercase. After adding to the domain, the domain was lowercase and kerberos realm was all caps. After removing from the domain and creating my plist file correctly using this as a base:

It seems to work well whether on the domain or not. I removed the X509CA and Template keys.

After pushing this via configuration profile along with the installer and autolaunch agent pkg's for NoMad, it seems to work well. Thanks for the help guys.

New Contributor

I had the same issue as you. I would login and not get the green checkmark. Updated the configuration profile with all caps in the kerberos realm and everything is working as expected! Thanks for your help!