NoMAD: Sync passwords?

jalbert
Contributor

I have NoMADLoginAD working great: the user logs in for the first time using the NoMAD login window, and it creates the local account with the same credentials as their AD account. That works great.

I then remove NoMADLoginAD from the security login, to return it to the normal login screen - just the user icons - this works great too!

I install and configure NoMAD on the workstation via policy, and I set the following via policy:

#!/bin/bash

AD_domain="mydomain.com"


# Write default AD domain
defaults write com.trusourcelabs.NoMAD ADDomain "$AD_domain"
defaults write com.trusourcelabs.NoMAD UseKeychain -bool "true"
defaults write com.trusourcelabs.NoMAD LocalPasswordSync -bool "true"
defaults write com.trusourcelabs.NoMAD SignInWindowOnLaunch -bool "true"
defaults write com.trusourcelabs.NoMAD UPCAlert -bool "true"


#Add to login items
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/NoMAD.app", hidden:false}' 



exit 0

As you can see, I am setting the LocalPasswordSync option to true, but when I change the password using the NoMAD application, it isn't updating the local account password.

Anybody run into this before?

1 ACCEPTED SOLUTION

jalbert
Contributor

Got it figured out: I wasn't running the preference writes under the context of the user. Here is the updated script if anybody is interested...

#!/bin/bash

AD_domain="mydomain.com"

# The owner of /dev/console is the user logged in at the GUI
user=$(stat -f%Su /dev/console)

# Stop if nobody is logged in, so the writes below never land in root's preferences
if [ -z "$user" ] || [ "$user" = "root" ]; then
    echo "No console user logged in" >&2
    exit 1
fi

# Write the NoMAD preferences in the logged-in user's context
sudo -u "$user" defaults write com.trusourcelabs.NoMAD ADDomain "$AD_domain"
sudo -u "$user" defaults write com.trusourcelabs.NoMAD UseKeychain -bool "true"
sudo -u "$user" defaults write com.trusourcelabs.NoMAD LocalPasswordSync -bool "true"
sudo -u "$user" defaults write com.trusourcelabs.NoMAD SignInWindowOnLaunch -bool "true"
sudo -u "$user" defaults write com.trusourcelabs.NoMAD UPCAlert -bool "true"

#Add to login items
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/NoMAD.app", hidden:false}'

exit 0


2 REPLIES 2

mm2270
Legendary Contributor III

You should consider moving to a User Level Configuration Profile for this, rather than defaults write commands. But I guess whatever works. The only reason for the preference of a profile, besides the fact that it's easier to manage going forward, is that if a user should end up deleting preferences from their ~/Library/Preferences/ folder and they remove that one, NoMAD will end up reverting to a default state, which will be rather confusing to someone already used to the configured mode.

Also, there is a prebuilt pkg at https://nomad.menu/support/ that will install a LaunchAgent to both open NoMAD on login and also keep NoMAD running for any user on the machine. So you don't need to add it to the user's login items with a script (which can also be removed by the user later).
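
For reference, the user-level configuration profile suggested in the reply above could look like the following. This is an added example, not a profile posted in the thread or shipped by the NoMAD project; it carries the same five keys as the script, and the `com.example.*` identifiers, display name and both UUIDs are constructed placeholders to replace with your own.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <!-- Preference domain this payload manages -->
      <key>PayloadType</key>
      <string>com.trusourcelabs.NoMAD</string>
      <!-- Placeholder identifier and UUID (constructed for this example) -->
      <key>PayloadIdentifier</key>
      <string>com.example.nomad.settings</string>
      <key>PayloadUUID</key>
      <string>11111111-1111-4111-8111-111111111111</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <!-- Same keys and values the script sets with defaults write -->
      <key>ADDomain</key>
      <string>mydomain.com</string>
      <key>UseKeychain</key>
      <true/>
      <key>LocalPasswordSync</key>
      <true/>
      <key>SignInWindowOnLaunch</key>
      <true/>
      <key>UPCAlert</key>
      <true/>
    </dict>
  </array>
  <key>PayloadDisplayName</key>
  <string>NoMAD settings (example)</string>
  <key>PayloadIdentifier</key>
  <string>com.example.nomad</string>
  <!-- User scope: applied per user rather than machine-wide -->
  <key>PayloadScope</key>
  <string>User</string>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>22222222-2222-4222-8222-222222222222</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>
```

Values delivered this way are managed preferences, so they stay in effect even if the user deletes the plist in ~/Library/Preferences/.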