![]() Now bring both packages you uploaded to Jamf and the script into a policy. # Kill loginwindow process to force NoMAD Login to launch # Set security authorization database mechanisms with authchanger # Should NoLo create a Keychain if none existsĭefaults write /Library/Preferences/.plist KeychainCreate -bool "$keychain_add" Logo="/local/path/to/image/on/mac/clients.png"ĭefaults write /Library/Preferences/.plist ADDomain "$domain"ĭefaults write /Library/Preferences/.plist LoginLogo "$logo"ĭefaults write /Library/Preferences/.plist UsernameFieldPlaceholder -string "$userplaceholder"ĭefaults write /Library/Preferences/.plist CreateAdminUser -bool "$admin"ĭefaults write /Library/Preferences/.plist LoginScreen -bool "$login_screen"ĭefaults write /Library/Preferences/.plist KeychainAddNoMAD -bool "$keychain_add" You can see the complete preference list with explanations here. Copy the script from below, and change values to suite your environment. Note that the version number might be different when you read this, but it is important that you don’t take the file that ends with “authchanger”. pkg and the NoMADLoginAD-1.2.1.pkg from the zip file to your Jamf package repository. pkg that you can install on other Macs using Jamf policies. Composer will then see differences between the first and last snapshot and let you make that into an. If you never used Composer before, you basically take a snapshot of your Mac, then move the evaluate-mechanisms folder to your desired location, and take another snapshot. What you want to accomplish is to get the evaluate-mechanisms folder somewhere reachable on your clients since it contains some important parts. pkg that places the evaluate-mechanisms from the zip in a location of your liking on your Mac. We will create tree policies for this configuration.ĭownload and extract the NoMAD Login zip. Now move over to the Policies section in Jamf. You only see the “Require Authentication” option if LDAP is configured in Jamf. This is because we want NoLo to create the user account. Under “Account Settings”, select “Skip Account Creation” under the “Local User Account Type” section. In Jamf Pro, in your Prestage Enrollment profile under “General”, make sure “Require Authentication” is deactivated. This is not a requirement, but making the user authenticate here can be unnecessary since NoLo will authenticate the user anyway. Enrolled Macs can communicate with your on-prem AD LDAP for user authentication.DEP assignment with Prestage Enrollment is configured in Jamf.Apple Device Enrollment Program / Business Manager (DEP). ![]() Instructions in this article is not compatible with NoMAD Login+ Okta, but NoMAD Login AD only. After the first log in, NoMAD Login is removed and the user will only see the default sign in screen. ![]() The NoMAD agent will then be able to automatically log in when the user signs in. If you follow this guide, you will be able to deploy Macs with Jamf via DEP enrollments, where the user account is created with NoMAD Login. Since we had quite a struggle I would like to help others out there by documenting our configuration. Recently, with help from my good colleges, we finally managed to to configure a working enrollment workflow with Jamf for our DEP Mac’s.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |