I've had enough of Macs being bound to AD here in my environment. I've been looking at NoMAD, it seems great, but as far as I can tell there's no way to mount network drives based on user AD membership.
My question is this. Is there anyone that's using NoMAD and somehow mounting network drives based on AD user membership? I know that there's some info about making a plist to do mappings with NoMAD but it doesn't seem to be able to do what I need and the documentation is not great.
Maybe someone has a script that is able to do this? Or if someone can point me in the right direction that would be great as well, thanks.
I have been happy with how NoMAD and its shares work. In short, when a user logs into NoMAD, if they have access to any shares, a new item called "File Shares" will appear in the list, and then each share you have set up where they are in one of the approved "Groups" will appear in that subsection.
Here is a little snippet of some of my shares config.
Link to snippet
We are also using NoMAD and I am quite happy with it. Does anybody know why it takes up to a minute to ping AD and sign in the user to get the green tick mark? We have a series of scripts to mount the user's network home and our data drive, and sometimes a user will get prompted for a username/password to access that drive. It happens about 1 in 10 logins, but can be annoying. I was thinking about adding a sixty-second delay to the script to prevent this. Is there some way to "kick start" NoMAD?
Thanks for any insights,
@jared_f Have you tried using the autoMount key in the shares config? "AutoMount – Bool – Is the share automatically mounted."
Sounds like NoMAD hasn't made a Kerberos ticket yet; you might be able to use some of NoMAD's Apple events to help script this, or a bash loop checking the result of klist?
Maybe something like:
From my understanding (I'm in process of testing, but haven't gotten that far yet) with NoMAD you just use this key in your shares configuration for NoMAD:
Groups – [String] – An array of AD group names. This share will only auto-mount for members of that group.
It's on the page you linked.
I've been messing with this a bit more; for some reason I still can't get the AD shares to mount using the NoMAD share plist. I'm testing on a Mac that is not bound to AD, and I'm able to connect to the share manually without issue. Below is an example of the modified part of the plist that I borrowed from @ryanj, thanks for posting that snippet btw :)
I assume I would want AutoMount set to true?
<key>AutoMount</key>
<true/>
<key>ConnectedOnly</key>
<true/>
<key>Groups</key>
<array>
    <string>AD_Group_Name</string>
</array>
<key>LocalMount</key>
<string></string>
<key>Name</key>
<string>AD_Group_Name</string>
<key>Options</key>
<array/>
<key>URL</key>
<string>smb://file-server/Shr-Test</string>
I couldn't find anything really wrong with what you had posted. At one point it complained about some formatting, but that was probably just me pulling it from the forum. Be sure you have the full plist header, as I have done below.
The best way to diagnose problems with NoMAD is to launch the binary in the terminal so you can see the logs. For example, if your NoMAD app is in the Applications folder, just copy paste this into the terminal:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Shares</key>
    <array>
        <dict>
            <key>AutoMount</key>
            <true/>
            <key>ConnectedOnly</key>
            <true/>
            <key>Groups</key>
            <array>
                <string>Admin</string>
            </array>
            <key>LocalMount</key>
            <string></string>
            <key>Name</key>
            <string>Share</string>
            <key>Options</key>
            <array/>
            <key>URL</key>
            <string>smb://server/share</string>
        </dict>
    </array>
    <key>Version</key>
    <string>1</string>
</dict>
</plist>
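Added example, not part of any post in this thread and not NoMAD's own code: a small Python check that a shares plist parses and matches the layout posted above, which catches both a bare fragment without the plist header and wrongly typed values. The function name, the sample data and the assumption that every key shown in the thread should be present are illustrative.

```python
import plistlib

# Key names and value types are taken from the plist posted in this thread,
# not from NoMAD's own schema (assumption).
SHARE_KEYS = {
    "AutoMount": bool, "ConnectedOnly": bool, "Groups": list,
    "LocalMount": str, "Name": str, "Options": list, "URL": str,
}

def check_shares_plist(data: bytes) -> list[str]:
    """Return a list of problems; an empty list means the layout matches."""
    try:
        root = plistlib.loads(data)
    except Exception as exc:  # a bare fragment without the plist header fails here
        return [f"not a parseable plist: {exc}"]
    if not isinstance(root, dict) or not isinstance(root.get("Shares"), list):
        return ["top level must be a dict containing a 'Shares' array"]
    problems = []
    for i, share in enumerate(root["Shares"]):
        if not isinstance(share, dict):
            problems.append(f"share {i}: not a dict")
            continue
        for key, kind in SHARE_KEYS.items():
            if key not in share:
                problems.append(f"share {i}: missing {key}")
            elif not isinstance(share[key], kind):
                problems.append(f"share {i}: {key} should be {kind.__name__}")
        groups = share.get("Groups")
        if isinstance(groups, list) and not all(isinstance(g, str) for g in groups):
            problems.append(f"share {i}: Groups must contain only strings")
    return problems

# Constructed sample: a cut-down shares plist with one type mistake
# (AutoMount given as a string) and several keys left out.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>Shares</key><array><dict>
<key>AutoMount</key><string>true</string>
<key>Groups</key><array><string>Admin</string></array>
<key>URL</key><string>smb://server/share</string>
</dict></array></dict></plist>"""

if __name__ == "__main__":
    for problem in check_shares_plist(SAMPLE):
        print(problem)
```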