Jamf Nation Community

AJPinto · ‎12-22-2023

After several years of more or less being neglected Jamf has announced they are archiving NoMad. I figure NoMad is worthy of a moment of remembrance. How did you guys use NoMad and how many of you still use NoMad?

Strangely enough we used NoMad to make the domain bound life easier giving our users by giving a more stable way to update passwords and map network drives, never mind NoMad was designed to be used without domain binding. We moved off NoMad about 3 years ago.

https://www.jamf.com/blog/jamf-to-archive-nomad-open-source-projects/

Chubs · ‎12-22-2023

Ooof well that means they just crapped in someone's cereal. Curious why they decided to announce this while so many people aren't in the office? It would have made sense to announce this at the beginning of the month to help people prepare.

I find your lack of faith disturbing

View solution in original post

AJPinto · ‎12-22-2023

I get the code base has not been updated in years, but it's still been perceived as "supported". Then to say it will be archived with 9 days warning before it happens seems really dirty. This is something that should have had at least a month or two warning as you said to give people still using it time to plan.

View solution in original post

whiteb · ‎12-22-2023

We still use NoMAD for K-12 shared labs. It still works with the latest Sonoma. The news didn't exactly come as a shock as it's been pretty much abandonware for a couple years at this point. I guess it's been a slight risk as if Apple were to change something with the login window we'd have to scramble to find an alternative quickly (I don't consider native-binding an alternative). When we renewed with Jamf a couple months ago they bundled Protect and Connect together to save us money (we're save money even without using Connect). So I currently have the option of switching to Connect. I'd strongly prefer to point Connect to our IdP (we use Google Workspace with Google pointing to ClassLink as our IdP) rather than leverage Connect's ability to pull kerb tickets. So I've been trying to get ClassLink to build an integration. Prior to our Jamf renewal we were looking at XCreds which also seems like a good option.

Platform SSO sounds cool and all but is far from being widely adopted.

View solution in original post

Jason33 · ‎12-23-2023

I've still got about 40 users that are still using NoMad. The majority of our users are local accounts using Kerberos SSO for password sync; those other 40 are legacy domain/mobile accounts. Time to get them converted I suppose.

View solution in original post

Chubs · ‎12-22-2023

Ooof well that means they just crapped in someone's cereal. Curious why they decided to announce this while so many people aren't in the office? It would have made sense to announce this at the beginning of the month to help people prepare.

I find your lack of faith disturbing

AJPinto · ‎12-22-2023

I get the code base has not been updated in years, but it's still been perceived as "supported". Then to say it will be archived with 9 days warning before it happens seems really dirty. This is something that should have had at least a month or two warning as you said to give people still using it time to plan.

whiteb · ‎12-22-2023

We still use NoMAD for K-12 shared labs. It still works with the latest Sonoma. The news didn't exactly come as a shock as it's been pretty much abandonware for a couple years at this point. I guess it's been a slight risk as if Apple were to change something with the login window we'd have to scramble to find an alternative quickly (I don't consider native-binding an alternative). When we renewed with Jamf a couple months ago they bundled Protect and Connect together to save us money (we're save money even without using Connect). So I currently have the option of switching to Connect. I'd strongly prefer to point Connect to our IdP (we use Google Workspace with Google pointing to ClassLink as our IdP) rather than leverage Connect's ability to pull kerb tickets. So I've been trying to get ClassLink to build an integration. Prior to our Jamf renewal we were looking at XCreds which also seems like a good option.

Platform SSO sounds cool and all but is far from being widely adopted.

AJPinto · ‎12-24-2023

We have JAMF Connect pointed to our IDP, and don't really use the ticket feature much. Most everything is OAUTH2 now anyway. Thankfully moving from Domain Bound + NoMad, to JAMF Connect was a really easy shift. I'd imagine it would be easy for you guys also as JAMF Connect is really a stupid simple client.

I'd love to give PSSO a try, but Apple really just is not putting resources in to it for it to develop fast enough. Okta supports it, but it's a cost add feature for your entire environment which is a blocker when 99% of your users run Windows. Microsoft's support for PSSO is still in preview last I checked and no one else is really paying too much attention to PSSO. Apple really needs to learn to attract developers if they want any of their projects to take off.

Chubs · ‎01-08-2024

PSSO isn't there yet. It doesn't do account creation which is a big want from many (most?) institutions.

I find your lack of faith disturbing

Jason33 · ‎12-23-2023

I've still got about 40 users that are still using NoMad. The majority of our users are local accounts using Kerberos SSO for password sync; those other 40 are legacy domain/mobile accounts. Time to get them converted I suppose.

nstuto · ‎01-08-2024

I am in this boat too. I missed the blog post and trying to catch up. What happens if you have a domain bound machine with a local account and use Jamf Connect? Does the machine need to be unbound to AD or can they stay bound?

Chubs · ‎01-08-2024

If your AD and your cloud IdPs are synced, it should work. May need to test this to see the behavior though. I can tell you that this used to work, but we haven't used AD binding in a while now though.

I find your lack of faith disturbing

Jamf Nation Community

The end of an era, a eulogy to NoMad.