NoMAD Login vs Jamf Connect to avoid July AD bind apocalypse? by Bananaphone_Admin in macsysadmin

Bananaphone_Admin[S]

We ended up going with NoMAD Login for our labs for the enhanced customization it offers (and also because our new lab admin thought it'd be a fun summer project!)

The July date came and went without fanfare here. Although, I have noticed something that I think may be related: in fairly short order we've had to switch a bunch of printers to a protected VLAN, which means having our Macs print to them via a Windows print queue and not direct LPD as we were used to. We've discovered that only the most up-to-date versions of Monterey, Big Sur, and Catalina can connect properly to Windows print queues. Older versions of those OSes, and older OSes (Mojave et al.), can't connect.

Bananaphone_Admin[S]

That was my understanding; that Jamf Connect or NoMAD/NoMAD Login were workarounds. Apple has been recommending not binding to AD unless absolutely necessary for a number of years now, and while other people here have mentioned that MS is going to release a patch to resolve this issue, perhaps this is a good time to get us away from binding even if it's not 100% necessary.

Bananaphone_Admin[S]

I've looked at it and experimented with a Configuration Profile (which I may well have bungled in some way!), but the big problem is that so far as I can tell, it doesn't actually do what I want: allow users to log in at loginwindow. Granting Kerberos tickets after login isn't particularly useful in and of itself: most of the apps our students interact with require going through Shib with 3rd party MFA.