NoMAD Changelog

What's new in NoMAD 1.2.0

Nov 11, 2020
  • New Features:
      • Ability to set a logo for the Sign In window.
      • Change Password menu item that will either change the password via Kerberos, if configured, take the user to their Okta dashboard page, or change it via another method of your choosing. When changing via Kerberos the user’s AD password complexity requirements will be pulled live from AD.
      • Support for Yubikey OTP as an MFA type.
      • LastSignIn time written out to the preferences noting the last successful Okta sign in.
      • Actions menu to allow you to extend the menu to any and all actions you want.
      • New URI action – nomadpro://gettickets will have NoMAD Pro silently go through the Kerberos ticket retrieval process.
  • Bug Fixes:
      • Better handling of Kerberos tickets.
      • Reworked the certificate retrieval process to be more dependable.

New in NoMAD 1.1.4 (Apr 18, 2018)

  • fix for Sign In window not fully displaying
  • About menu now in menu
  • icon now alternates when clicking on the NoMAD icon in the menu bar
  • icon alternates correctly when in dark mode
  • Kerberos preferences written out on first launch to further prevent the “Domain not found” error when changing passwords
  • Certificate expiration computed better, and won’t crash on an already expired cert
  • Automatically getting certs won’t cause a massive amount of certs to be generated
  • Certificate cleaning will only happen if asked
  • User password in the keychain will be looked for in many ways to ensure that the user name case isn’t an issue
  • better defaults printing in the logs with -prefs
  • fix for Sign In Window title not showing correctly when forced
  • better handling of when all DCs in a site go down
  • action menu fixes to correct actionTrue and to allow for custom titles and red/yellow/green icons
  • ability to get custom list of attributes from AD
  • better handling of shares in the Shares Menu when switching users
  • nomad://getuser will put entire AD user record into the logs
  • AppleScript Support
  • Option to always make the current local user the primary Kerberos ticket
  • Minor update to German localization
  • Option to auto-mount shares via the Finder
  • Write out current domain controller to NoMAD preferences

New in NoMAD 1.1.3 (Feb 6, 2018)

  • Bug Fixes:
      • Fewer password prompts when updating keychain items. In fact… you should have no password prompts.
      • We dug deep into Kerberos and should have squashed the annoying “Domain not set” issue when attempting to change your password through NoMAD for the first time.
      • Recursive group search works with “,” in user names.
      • Allow for both an expired AD password and a non-matching local password at the same time.
      • Better handling of the current date when looking for UPC alerts. This should minimize erroneous UPC Alerts.
      • Better handling of when your SSL Cert template doesn’t actually exist on the Windows CA.
  • Features:
      • Match any keychain item account for updates with .
      • When using UPCAlerts and a URL for the password change type, NoMAD will check for new passwords every 30 seconds for 15 minutes to catch the new password change even faster.
      • The Sign In window is now unable to be closed if SignInAlert is set and the user has not signed in at least once.
      • The current AD site being used is written out to the preference file.
      • Known bad domain controllers can be blocked by listing them as an array of FQDNs in LDAPServerListDeny.
      • A new pref key, DontShowWelcomeDefaultOff will pre-tick the “Don’t show again” box on the welcome screen so users won’t have to do it themselves when it first appears.
      • UseKeychainPrompt will now show the Sign In window whenever the user does not have a password in the keychain, even if the user has signed in before.
      • Certs pulled via NoMAD can have airport and eapolclient added to them with the use of the AllowEAPOL key.
  • Actions Menu:
      • We thought this would take us a bit longer… but NoMAD now includes a full actions menu which can hold as many “actions” as you’d like. Each action is a customized menu item that can have scripts and other built in actions behind it. Each item can have multiple actions chained together plus the ability to show or hide the item and even put red/yellow/green dots next to the items.

New in NoMAD 1.1.2 (Nov 4, 2017)

  • fix for pulling certs too often when GetCertAutomatically is set
  • fix for LDAPServerList not working
  • remove build numbers from UI since builds are now in version number

New in NoMAD 1.1.1 (Oct 28, 2017)

  • Norwegian and Croatian localizations have been added.
  • NoMAD now supports sites with no DCs listed better. NoMAD will fall back on the globally available DCs.
  • Better support for < 10.12 systems with the Welcome Screen.
  • NoMAD is now developed in Xcode 9 and Swift 3.2.
  • MenuFileServers – Sets the menu item title for the File Servers menu.
  • UseKeychainPrompt – Boolean – Prompts the user to sign into NoMAD at least once so that the password can be set in the keychain. This is typically used with bound systems and mobile accounts.
  • Fix for file shares with spaces.
  • MessageUPCAlert – String – Allows you to customize the UPCAlert notification text.
  • Fix for expired certificates causing a crash.
  • Fix for non-automounted shares not being able to be manually mounted.
  • AutoRenewCert – Integer – Key to specify the number of days to go on a cert before automatically renewing it.
  • Support for multiple Chrome domains with ConfigureChromeDomain.

New in NoMAD 1.1.0 (Oct 18, 2017)

  • Shares Menu – this is our biggest new feature since the initial launch of NoMAD almost a year ago. The Shares Menu allows you to provide a number of file shares for your users and mount them as needed based upon group membership and with variable substitution in the URLs.
  • Keychain Item synching – NoMAD will update a collection of Keychain items each time the user changes his or her password in AD.
  • 802.1x TLS profiles – NoMAD can associate a user cert from AD with an 802.1x wireless profile.
  • Welcome window – first time users of NoMAD can be shown a standard introduction to what NoMAD is, or get a custom HTML page that’s specific for your environment.
  • Recursive group lookups – you can specify all groups to be returned, including nested groups. Note that this may increase look up times.
  • FirstRunDone – in conjunction with the Welcome window, you can now know when the first time NoMAD has run.
  • Anonymous LDAP – NoMAD can now be functional in non-AD environments that have anonymous binding.
  • Open Directory Support – there is now a specific setting for OD to handle the differences between OD and other forms of LDAP servers.
  • Sign In Window changes – the sign in window can be excluded from automatically showing for certain users. This is particularly handy for when you log in to a machine as a local admin and do not want to be pestered by the NoMAD Sign In window constantly popping up. On the other hand, NoMAD can now be configured to make the Sign In window pop to the front of all windows in the Finder on a regular basis for users that either forget to sign in or are actively trying to ignore signing in.
  • More user attributes – NoMAD will now record a user’s e-mail address and UPN from his or her AD account and store this in NoMAD’s preference file.
  • Fix for High Sierra not updating passwords in AD when changing the password for Mobile Accounts.
  • Russian localization
  • Some updates to having NoMAD use more of the Kerberos APIs for things like determining which of your current Kerberos tickets is your default.

New in NoMAD 1.0.5 (Jul 19, 2017)

  • Bug Fixes:
      • Not really a NoMAD bug, but NoMAD now cleans up klist output on macOS 10.10 that erroneously adds blank spaces for 0 in the issued timestamp.
      • NoMAD is now happy to use network-only accounts from AD. Previously NoMAD would only work with mobile accounts.
      • NoMAD pre-flights any password changes against the local system now before changing in AD. This ensures that any local password policies won’t prevent the password change from working.
      • Significant changes to the password complexity warnings when changing passwords. The pref file will be much less finicky about having all of the complexity types in it. Also a popover will be shown and the user experience generally much better. Thanks to @ludeth for the help here.
      • Get Software menu item will now prefer a custom path instead of any self service applications that are found. Previously NoMAD would always go to any of the installed Self Service apps and ignore the custom path.
  • Pref Keys:
      • ConfigureChromeDomain – String – This will allow NoMAD to configure a domain in Chrome for Kerberos authentication beyond just the AD domain. Set this to your top-level domain that has to do with Kerberos and NoMAD will use that and wildcard any subdomains.
      • HideGetSoftware – Bool – This will determine if NoMAD shows the Get Software menu or not.
      • HideSignOut – Bool – This will determine if NoMAD hides the Sign Out menu or not.
      • LDAPOnly – Bool – Sets NoMAD to just use LDAP instead of treating the remote server as AD. Essentially this just tells NoMAD to not lookup the password expiration information and get the groups in a slightly different way.
      • LocalPasswordSyncDontSyncLocalUsers – [String] – An array of user names that if they match the current local user, NoMAD won’t synchronize the password regardless of what user logs into AD.
      • LocalPasswordSyncDontSyncNetworkUsers – [String] – An array of user names that if they match the AD user signing into NoMAD, that NoMAD will not synchronize the password.
      • MenuChangePassword – String – Allows you to override the standard Menu Item text for Change Password.
      • MenuGetCertificate – String – Allows you to override the standard Menu Item text for Get Certificate.
      • PasswordExpirationDays – Integer – Allows you to override whatever AD tells you is the standard password reset interval.
      • PasswordExpireCustomAlert – String – Custom alert to show in the menu bar instead of days to go.
      • PasswordExpireCustomWarnTime – Integer – Will cause the custom alert to be only shown at a specific threshold, and in yellow.
      • PasswordExpireCustomAlertTime – Integer – Will cause the custom alert to be only shown at a specific threshold, and in red.
      • SignOutCommand – String – Path to a script or other binary that you want to execute when a user signs out of NoMAD.
      • UPCAlertAction – String – Path to a script or binary that you want to execute whenever a UPCAlert is triggered. Pull Request credit to Ryan Jenkins.

New in NoMAD 1.0.4 (May 2, 2017)

  • Password countdown – If you don’t want to see it, you can hide the password expiration countdown regardless of if the user’s password is set to expire in AD. You can do this via defaults write com.trusourcelabs.NoMAD HideExpiration 1. On the other hand… if you want to see the countdown more often, you can set that as well so that NoMAD will keep the countdown in the menu bar even if the user is not logged into AD. You can set this by defaults write com.trusourcelabs.NoMAD PersistExpiration 1.
  • UI changes – You can now close all windows with cmd-W, we’d not even realized we weren’t doing that. Now it’s fixed. Also there’s a spinner that shows up when you’re logging in or changing your password. This gives the user some better feedback that something’s going on under the covers.
  • Spaces in names – You may not have realized, but NoMAD supports users with a space in their short name. I didn’t realize that AD even allowed that, but it does… Now NoMAD supports spaces in the home share as well.
  • Prompting users to sign in – NoMAD can now put up a Sign In window after launch as soon as the domain is reachable and a user isn’t already signed in. You can use this for prompting your users to sign in after logging into their Mac. Enable this with defaults write com.trusourcelabs.NoMAD SignInWindowOnLaunch 1.
  • Ignoring password sync – It’s possible to want NoMAD to sync the AD password down onto the local user, but not want that all the time. Now you have two ways of doing this. First you can use the alternative Sign In, by holding down control-option when clicking the NoMAD menu. When signing in this way, no synchronization will be done. You can then sign out, and the original Kerberos credential will be intact. Secondly you can tell NoMAD to only sync passwords when the AD name matches the local user name. Enable this with defaults write com.trusourcelabs.NoMAD LocalPasswordSyncOnMatchOnly 1.
  • Password policies – This is probably the biggest new feature of 1.0.4. You can now tell NoMAD what your AD password policy is and NoMAD will ensure that’s met before allowing the user to change their password. You can set this policy by defaults write com.trusourcelabs.NoMAD PasswordPolicy -dict minLength 6 minUpperCase 2 minLowerCase 2 minNumber 2 minSymbol 1 and then the user will get red and green dots next to the passwords in the Change Password window.
  • Mousing over the colors will then tell the user exactly what part of the policy the password is not meeting. The Change Password button will only be enabled when the password meets the policy. In addition NoMAD will now ensure the new password can actually be set locally, if you have password syncing enabled, and alert the user that the password isn’t compliant.
  • We’ve also updated the list of preference keys for all of the new 1.0.4 versions.
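
Added example (not part of the original changelog and not NoMAD's own code): a shell check that applies the PasswordPolicy values from the 1.0.4 "Password policies" item to candidate passwords and reports which keys are unmet, in the way the red dots do in the Change Password window. The function names and the definition of a symbol (any character that is not an ASCII letter or digit) are assumptions; the sample passwords are constructed.

```sh
#!/bin/sh
# Added example, not NoMAD code: test candidate passwords against the
# PasswordPolicy values from the 1.0.4 `defaults write` command.
minLength=6 minUpperCase=2 minLowerCase=2 minNumber=2 minSymbol=1

# count_class STRING SET: how many characters of STRING are in the tr(1) SET.
# The string is fed to tr on stdin rather than as a command argument.
count_class() {
    printf '%s' "$1" | LC_ALL=C tr -cd "$2" | wc -c | tr -d ' '
}

# check_policy PASSWORD: prints the policy keys the password fails and
# returns 0 only when none fail. The subshell body keeps variables local.
check_policy() (
    pw=$1 failed=
    upper=$(count_class "$pw" 'A-Z')
    lower=$(count_class "$pw" 'a-z')
    digit=$(count_class "$pw" '0-9')
    # Assumption: a symbol is any byte that is not an ASCII letter or digit.
    symbol=$(printf '%s' "$pw" | LC_ALL=C tr -d 'A-Za-z0-9' | wc -c | tr -d ' ')
    [ "${#pw}" -ge "$minLength" ]    || failed="$failed minLength"
    [ "$upper" -ge "$minUpperCase" ] || failed="$failed minUpperCase"
    [ "$lower" -ge "$minLowerCase" ] || failed="$failed minLowerCase"
    [ "$digit" -ge "$minNumber" ]    || failed="$failed minNumber"
    [ "$symbol" -ge "$minSymbol" ]   || failed="$failed minSymbol"
    failed=${failed# }
    [ -z "$failed" ] || printf '%s\n' "$failed"
    [ -z "$failed" ]
)

# Constructed sample passwords, for illustration only.
for candidate in 'ABcd12!x' 'Abcdef1' 'A1!'; do
    if unmet=$(check_policy "$candidate"); then
        echo "$candidate: meets policy"
    else
        echo "$candidate: fails $unmet"
    fi
done
```

Running a few representative passwords through a check like this before deploying a PasswordPolicy dictionary shows whether the values you set match the policy actually enforced in AD.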