Star Nomad Mac OS

Star nomad mac os update
  1. Star Nomad Mac Os X

Star Nomad 2 is a space trader & combat sim set in a dynamic sandbox with an evolving conflict between three major splinter groups of humanity. It distills elements of games that have left a very long lasting impression on me as a gamer over the years, such as: Fallout 1/2, Star Wolves & FTL; inspired the tactical squad combat gameplay & random encounters. NoMAD is great for keeping your local Mac user account in sync with AD, but wouldn’t it be awesome if the accounts started out in sync? NoMAD Login provides this, and more, by allowing for AD logins on macOS without the need to bind to Active Directory. NoMAD Login is an open source app that has many features, including. NoMAD Open Source KBase; About. Purveyors of amazing software designed to make life easier for Mac Admins everywhere. Products Choose from our family of solutions! Subscribe to our mailing list! Email. Company. Yes, I would like to receive emails from NoMAD. (You can unsubscribe anytime) Constant Contact Use.

A couple of years ago, the general recommendation was to bind computers to Active Directory. With the change from desktop and shared computers to 1-to-1 laptop deployments, the picture has dramatically changed.

After the Kerbminder and ADPassMon scripts, we now have two alternatives:

  • Apple Enterprise Connect
  • NoMAD

Arguments for binding or not binding to Active Directory

TopicBindingNot Binding
802.1xWi-Fi (WPA2 Enterprise EAP-TLS) can use the machine certificate generated by ADWe can also use a profile that will deploy the root certificates and request a machine certificate through SCEP NoMAD can request a 802.1x certificate
Kerberos ticketsAD automatically provides Kerberos tickets, but only at login and when unlocking from screensaver. On mobile computers, users don’t logout as often and are mostly on Wi-Fi which doesn’t have time to connect before unlocking the screensaver. As a result, kerberos tickets are rarely renewed.Enterprise Connect or NoMAD handles the renewal of Kerberos tickets
AD users can log in to any bound Mac & Shared use of Mac (eg. Lab computers)As user identification and authentication resides on server, users can log in on any bound Mac. This is especially interesting for shared environments such as LabsOn mobile devices, this is getting harder as Portable Home Directories (syncing user home from file share) is no longer supported. The only possibility is to use network directories which are impractical in a mobile environment
User identification and computer usage traceabilityBinding to AD ensures that each username and uid is used only once across the bound Mac computersMDM can better trace computer usage
Users can be admins via the directory pluginA group of users can be specified as a local adminsA MDM can create a “management account” and take care of renewing the password
Password policiesPassword policies are handled in the AD accountA Password policy can be deployed
User Password expiryPassword expiry is handled in the AD accountA Password policy can be deployed
Ease of setupComputer needs to have access to AD during setupNo particular setup is needed For authenticated DEP, computer needs access to the MDM
Account lockLocal account is locked at next login or unlock from screensaverA better way to lock the user is to issue the wipe or lock MDM command
KeychainThe keychain password is not synchronized with Active Directory. When the password change is not done on the Mac, the users will get prompted to enter his old and new passwordLocal and remote passwords are not synced Enterprise Connect or NoMAD will sync the local password when it detects a change. Change will be replicated to the Keychain
FileVault PasswordFileVault and remote passwords are not synced When the AD password is reset, Filevault will keep the previous password, meaning we need to also reset FileVault using the recovery keyFilevault and remote passwords are not synced Enterprise Connect or NoMAD will sync the local password when it detects a change. Change will be replicated to FileVault

Choosing between NoMAD and Apple Enterprise Connect

Versions used:

  • Enterprise Connect 1.6.3
  • NoMAD 1.0.3
  • macOS 10.12
xEnterprise ConnectNoMAD(Active Directory binding)
VendorAppleOpen SourceApple
SupportSupported by Apple PS as included in the engagement and/or AppleCare OS SupportSupport plans availableSupported by AppleCare OS Support
OS requirement10.9+10.10+10.3+
Single Sign-OnAutomaticallyAutomaticallyOnly at login and screensaver
Password Expirationvia Notification Centervia Notification CenterOnly at Login
Password changevia menu itemvia menu itemvia System Preferences or login window
Fine Grained Password Policy support~ (doesn’t honor password expiration time)x
Quick links to getting support and softwarexx
Support for changing passwords not using AD, e.g. a web-based password portalxx
Password SynchronizationOnly when user is logged inOnly when user is logged inAutomatic
Home Network Share Automountx
Network Share AutomountPlannedx
Support for SSO on DFS sharesxPlannedx
AD Binding required?xx
macOS native?Uses Apple FrameworksUses Apple FrameworksmacOS Native
Script on password changex
Script on connection completedx
Audit scriptxx
Distributionsingle .pkgsingle .pkgmacOS Native
Configurationvia a Configuration Profile (and .plist)via a Configuration Profile (and .plist)multiple ways
X509 Identity from CAxMature
Language SupportEnglishEnglish, French, German, Danish, SwedishAll macOS languages
MaturityMature1.0.4x
InstallationTwo-day on-site professional services engagementNoneNone
Price$5,500 (one-time fee)Free, Support plans available ($399 to $2,500 per year)Free
AvailabilityContact your local Apple Sales Rephttp://nomad.menumacOS Native

Star Nomad Mac Os X

Source:http://macadminsdoc.readthedocs.io/en/master/Integration/Active_Directory.html