Interested in Supporting NoMAD Development?

23 Mar Interested in Supporting NoMAD Development?

What is NoMAD?

NoMAD is an open-source macOS application designed that allows users to authenticate to Active Directory (AD) domains without requiring the Mac to be bound to the domain. The application provides a menu bar item that shows the user’s AD username and allows them to update their password, among other things.

NoMAD 2 is a ground-up rewrite of the application that uses the same AD authentication framework found in NoMAD Login. The new version is focused on code cleanup and modernization, with a particular emphasis on addressing lingering threading and other issues.

NoMAD 2 includes several new features, such as support for single sign-on extensions, lights-out operation (where the NoMAD menu bar item is not visible), and multi-account support (with saved passwords and automatic sign-in). It also includes a PAM module to support authentication to AD without binding it for administration purposes.

The new version includes a Credential SSOE for macOS 10.15 and above, which means that if a user attempts to load a webpage that requires Kerberos authentication and they don’t have a ticket for the realm they are connecting to, they will see the NoMAD 2 authentication window.

NoMAD 2 will work on macOS 10.13 and greater, but at least macOS 10.15 is required for the single sign-on extension. The typical user flow through the application may be different than it was in the past, as NoMAD 2 supports multiple tickets, and many users only use Kerberos to change their password on occasion. As such, the behavior of NoMAD may be tweaked to better reflect modern workflows.

It’s used and is very popular in the MacAdmin community used in the on-premise Active Directory environments.

https://github.com/jamf/NoMAD-2

Jamf Purchased Orchard & Grove

In September 2018, Jamf, the management standard for the Apple ecosystem, acquired NoMAD, an open-source and commercial set of software products that simplify the Mac administration process. NoMAD helps organizations provide a simple, unified authentication and account synchronization process for Mac end users without needing to bind Mac devices to Active Directory (AD). With the acquisition, Jamf gained expanded management capabilities to serve IT as they move to cloud-based identity solutions while ensuring end users have the best possible Apple experience. The NoMAD team joined Jamf, and Jamf continued to develop, enhance, and support both the open-source and commercial products under the Jamf Connect brand. Customers of both the open-source version and Jamf Connect benefited from Jamf’s global support and services team.

https://www.jamf.com/resources/press-releases/jamf-acquires-nomad-the-leading-solution-for-streamlining-mac-authentication-and-account-management/

With the purchase, the open-source development slowed but still continued. But, most new developments went into upgrading/supporting Jamf’s commercial solution Jamf Connect.

Elvis has Left the Building

The primary developer, Joel Rennich, of NoMAD & NoMAD Login left Jamf to move on to new adventures and greener pastures.

The MacAdmin community’s had concerns about the projects’ status since Jamf acquired Orchard & Grove three years ago, resulting in minimal updates. To address this, NoMAD projects will move to the Jamf organization on GitHub to allow for better visibility and recognition of the connection between NoMAD and Jamf. The community is encouraged to contribute, maintain, and moderate the projects, and NoMAD 1.3 will be the end of the line for the NoMAD 1.x series. NoMAD 2 will move into public beta, and the releases will be signed and notarized with Jamf’s Developer ID identity.

But, with the move of the open source project under Jamf, there have been very little to no updates since Jan 12, 2022.

NoMAD still works in most on-premise Active Directory environments, but it’s starting to show its age and more bugs/issues are cropping up in many environments with NoMAD or with macOS updates.

Support Continued NoMAD Development

The developer of Xcreds, Timothy Perfitt, has put out feelers on the MacAdmins community interest in supporting the development of a new version of NoMAD. He has set up a GitHub repository to collect feature requests for the new version of NoMAD. File issues or upvote current issues so we can get a better idea of what the MacAdmin community wants from an updated version of NoMAD.

https://github.com/twocanoes/damon

Also, a MacAdmin slack channel,  #damon-app, has been set up to communicate features and interests.

XCreds is an open-source macOS software application that enhances the login process on Mac computers by enabling users to log in using their cloud-based identity provider credentials, such as Azure, Google Cloud, Okta, or any OpenID Connect password.

XCreds also allows for easy configuration using configuration profiles and can provision new user accounts and home directories for first-time logins. Additionally, XCreds enables offline access by switching to the standard macOS Login Window and keeps the user’s local Mac password in sync with their cloud-based identity provider password for seamless password syncing.

https://github.com/twocanoes/xcreds