What you're experiencing is correct. NoMAD Login in its current design does not handle password changes. Think of NoMAD and NoMAD Login as companion products. Login creates local accounts with AD credentials; NoMAD then handles account updates, including password changes.
NoMAD Login is not aware your password changed off Mac, only NoMAD is. The next time a user logs into NoMAD it should notice a password mismatch and prompt to sync them. In my case I'm only using NoMAD Login as a provisioning tool in 1:1 single user deployments. Labs can be trickier, but still work depending on your needs.
That makes sense! I installed both, but couldn't for the life of me figure out what I would use NoMAD for (and in all honesty, I was throwing this together as fast as possible!). I'll see if that works for me!
Is there a way to have NoMAD run at user logon to check for changes to AD?
@jbanks Take a look at UPCAlert pref - https://nomad.menu/help/preferences-and-what-they-do/. User will have to be logged into NoMAD to know if passwords are different. Password mismatch should be checked on a regular basis.
What is the point in NoMAD login, if the Apple AD plugin already handles this better?
@benshawuk We no longer bind, so we rely on NoLoAD to create the account.
@benshawuk The entire point is the AD plugin in fact does not handle this better. Plenty of people can attest to the fantastic ways mobile accounts break at every major release. Apple prefers local accounts whenever possible. NoMAD and Login are another way to move closer to more easily managing local accounts while still referring back to a central directory like AD.
But when the AD password changes, the local password doesn't update.
What if a user forgets their password at the login screen? With AD bound Macs they can successfully log in (login keychain issues aside).
How would this work with a NoMAD login window?
@benshawuk Currently, with NoMAD Login they would log in with their old password and NoMAD would then detect after a login that their password is different from their network password. So basically, at this time, you need to configure both NoMAD products separately. They work well and seamlessly together, but having just one in place is 50% of the solution.
At some future date, NoMAD login will have an option to check at login if the password that a user is logging in with is their current network password.
So, my org has been dealing with this NoMAD-will-not-synch-the-passwords issue for some time, even though I have it set to do so. As 2019 started, we saw a big uptick in customers whose passwords were not being synched when changed and I had to dig into NoMAD and see what the heck was happening. Here is what I found and what we decided to do about it:
- Basically, customers were letting their password completely expire (gasp!) and then calling in while remote to get assistance with changing it.
- Since the customer was remote in this scenario, the support agent changed their AD password to a temp one and got them on the VPN, then walked them through the steps in NoMAD to change it. It had a low "synch-success" rate, without knowing why.

One thing we discovered was that if the Mac was rebooted before the process was started, even assigning a temp password outside of NoMAD, the synch would occur. Plus, and this was a big one: the Mac would synch completely if the machine in question was on a wired ethernet connection vs. a wireless one.
Since making sure these two conditions are followed before the change password process is started, we've seen NoMAD synch the two passwords as it should. Maybe those tips will help you.
@float0n What if the user forgets their password?
I honestly fail to see how this is any better than the Apple AD plugin. In fact, less functional.
@benshawuk Do you have people forgetting their passwords on a regular basis? As in, the password they type in multiple times a day? I know it does happen to us once in a while, but not that often. In that case all you need to do is reset their local password and create a new keychain on next login.
@nstrauss For 1:1 provisioning, does this work for a new user whose AD account is set for the password to be changed at next login?
For anyone still looking for NoMAD Login to manage the password changes, there is a Slack channel that currently has an alpha version of NoMAD Login that will help keep the user password in sync: #nolo-localsyncbeta
Hi
After a password change, the user cannot log in at all using the old password or the new password.
Any ideas???
Thanks
@PE2000 did you figure this out? Having a similar issue after domain password change.