... | ... | @@ -5,9 +5,7 @@ Hi everyone! You have found your way to the repo for **NoMAD Login AD**, or NoLo |
|
|
NoLoAD is a replacement login window for macOS 10.12 and higher. It allows you to login to a Mac using Active Directory accounts, without the need to bind the Mac to AD and suffer all the foibles that brings.
|
|
|
|
|
|
## About this release
|
|
|
The current production version of NoLoAD is 1.2.0. There are several enhancements we are working on for the 1.3 release and you can see those in the [1.3 Milestone](https://gitlab.com/orchardandgrove-oss/NoMADLogin-AD/milestones/8).
|
|
|
|
|
|
We would like to give a **huge** thanks to new contributor Joseph Rafferty. A lot of his pull requests really helped get the 1.2 release out the door.
|
|
|
The current production version of NoLoAD is 1.3.0.
|
|
|
|
|
|
For those of you that are new to NoLo, the basic features are:
|
|
|
|
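Review bot: The contributor credit for Joseph Rafferty and the 1.3 Milestone link under "About this release" look like they are being dropped in favour of the single line "The current production version of NoLoAD is 1.3.0.", which loses the acknowledgement and leaves no pointer to what changed. The hunk header shrinks from 9 lines to 7, which fits that reading, but the add/remove markers are not visible in this rendering, so confirm which lines are removals. If they are, consider moving the credit to the Thanks section and linking the 1.3.0 line to the release or its milestone.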
... | ... | @@ -21,6 +19,38 @@ For those of you that are new to NoLo, the basic features are: |
|
|
* Display a EULA for users to accept on login
|
|
|
* Create a keychain item for NoMAD
|
|
|
|
|
|
## What's new in 1.3.0
|
|
|
* `BackgroundImageAlpha` an Integer from 0-10 which determines the alpha value for the background image in 10% increments, i.e. a value of `3` would be a 30% alpha
|
|
|
This was broken before and is now fixed.
|
|
|
* `DenyLocal` Boolean determines if local user accounts are allowed to sign in, or if all auth is forced through AD.
|
|
|
* `DenyLocalExcluded` Array or strings of user shortnames that will be allowed to authenticate locally instead of via AD.
|
|
|
* `DenyLoginUnlessGroupMember` Array of strings of AD group names. When an AD user is authenticating, only allow login if the user is a member of one of these groups.
|
|
|
* `EnableFDERecoveryKeyPath` String of a folder path where the recovery key will be stored. NoLo will create this folder if it does not already exist.
|
|
|
* `EnableFDERekey` Boolean that determines if the FileVault personal recovery key should be rotated when a valid FileVault user signs in.
|
|
|
* `LDAPServers` Array of strings of LDAP servers that you would like to use for AD authentication instead of using SRV record lookup.
|
|
|
* `LoginLogoAlpha` an Integer from 0-10 which determines the alpha value for the logo image in 10% increments, i.e. a value of `3` would be a 30% alpha
|
|
|
This was broken before and is now fixed.
|
|
|
* `LoginLogoData` is working again.
|
|
|
* `NotifyLogStyle` Takes a string of `jamf`, `filewave`, `munki` or `none` and will add the appropriate log file to the the Notify mechanism.
|
|
|
* `ScriptPath` Path to a script for the RunScript mechanism to run.
|
|
|
* `ScriptArgs` Array of strings of arguments to give the script being run by the RunScript mechanism. `<<User>>` will be replaced with the current user's shortname, `<<First>>` with the current user's first name, `<<Last>>` with the current user's last name, `<<Principal>>` with the current user's Kerberos principal.
|
|
|
* `UseCNForFullName` Use the the user's cn from AD instead of attempting to create the user name from the first and last name attributes of the user's AD record.
|
|
|
* `UsernameFieldPlaceholder` text to place into the user field in the loginwindow to give a hint as to what to enter.
|
|
|
* `UserInputOutputPath` string determining the path where the `userinfo.plist` will be written.
|
|
|
* `UserInputUI` a rather complicated dictionary that contains the settings for up to 4 text fields and 4 pop up buttons that will be shown during the UserInput mechanism. Look in the ConfigSamples folder in the source for an example of this configuration profile.
|
|
|
* `UserInputLogo` path to a logo file to use for the UserInput mechanism.
|
|
|
* `UserInputTitle` string for the UserInput mechanism title.
|
|
|
* `UserInputMainText` string for the UserInput text.
|
|
|
|
|
|
### New Mechanisms
|
|
|
* `NoMADLoginAD:RunScript` will run a script of your choosing as set by the preferences. This is typically marked as `privileged` to allow the script to run as root.
|
|
|
* `NoMADLoginAD:Notify` runs the Notify screen. See the DEPNotify project for more information.
|
|
|
* `NoMADLoginAD:UserInput` displays up to 4 text fields and 4 pull down menus to allow the user to enter information during the login process.
|
|
|
|
|
|
### Other changes
|
|
|
* The Demobilize mechanism will work with mobile accounts from other services than just Apple's AD plugin.
|
|
|
* The Demobilze and Notify mechanisms can be used without the NoMAD Login login window UI.
|
|
|
|
|
|
## What's new in 1.2.0
|
|
|
* Support for more than one managed domain (#97)
|
|
|
* Support for FDE passthrough from EFI unlock to the Desktop for FileVault (#74 & #82)
|
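Review bot: The `ScriptPath` and `ScriptArgs` entries and the `NoMADLoginAD:RunScript` description are missing a security note, given that the mechanism is "typically marked as `privileged` to allow the script to run as root" and its arguments are filled in from `<<User>>`, `<<First>>`, `<<Last>>` and `<<Principal>>`. Suggest stating that the script at `ScriptPath` should be owned by root and not writable by other users, and that the script must treat the substituted values as untrusted input (quote them, never evaluate them). `EnableFDERecoveryKeyPath` should likewise say what ownership and permissions NoLo applies to the folder it creates, since that folder holds the FileVault recovery key, and `DenyLocal` would benefit from a stated default. Smaller points: "Array or strings" under `DenyLocalExcluded` should read "Array of strings", "the the" appears under `NotifyLogStyle` and `UseCNForFullName`, "Demobilze" is misspelled under Other changes, and the two "This was broken before and is now fixed." lines should be indented under their bullets if they are not already, so they render as part of the `BackgroundImageAlpha` and `LoginLogoAlpha` items.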
... | ... | @@ -73,4 +103,4 @@ When you decide that you've had enough it's easy to go back to the standard logi |
|
|
|
|
|
|
|
|
# Thanks
|
|
|
Thanks to all of you for trying NoMAD Login AD! Please let us know about issues and features in the issue tracker. You can also find us on Slack in [nomad](https://macadmins.slack.com/messages/C1Y2Y14QG) and [nomad-login](https://macadmins.slack.com/messages/C88MFDLV8). |
|
|
Thanks to all of you for trying NoMAD Login AD! Please let us know about issues and features in the issue tracker. You can also find us on Slack in [nomad](https://macadmins.slack.com/messages/C1Y2Y14QG) and [nomad-login](https://macadmins.slack.com/messages/C88MFDLV8). |
|
|
\ No newline at end of file |
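Review bot: The Thanks paragraph shows up twice with identical visible text and the last copy is marked `\ No newline at end of file`, so this hunk looks like a whitespace-only or end-of-line change rather than a content edit. If that is unintended, drop it from the commit. Otherwise end the README with a trailing newline so later diffs do not keep touching this line.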