Do you still bind your Mac computers to AD? Well… you shouldn't!
I modified KerbMinder a year ago to be able to use it while not being bound. KerbMinder allows you to create a Kerberos Ticket and refresh it every time you're connected to your corporate network.
Then Apple started to be more aggressive in selling Enterprise Connect. It is made by Apple Professional Services and adds the possibility to synchronise your local password with your AD password. My clients switched to it. They love the functionality ("It just works!"), and the awesome support they get from Apple Professional Services.
Today, Joel Rennich (aka mactroll) released the first Public Beta of NoMAD, with the quite aggressive tagline: Get all of AD, with none of the bind!
You get these features (emphasis are mine):
- Get Kerberos credentials from AD to use for single sign-on for all services using Windows Authentication.
- Automatically renew your Kerberos tickets based upon your desires.
- Optional lock screen menu item.
- Get an X509 identity from your Windows CA.
- One click access to Casper self-service if installed.
- One click access to creating a Bomgar chat session with a help desk operative.
- Admins can push one-line CLI commands to show up as a menu item in NoMAD.
- Admins can specify specific LDAP servers to use instead of looking them up via SRV records.
- Sync your AD password to your local account.
- Users are warned about impending password expiration.
- Customize user's help options between a Bomgar URL, web URL or local application path.
While I couldn't speak highly enough of Enterprise Connect, NoMAD is an interesting tool for who cannot purchase it. It also has added functionality, such as generating certificates and adding custom menu items to the menu. It has quite a few bugs and performance issues, but it's a great start!
If you'd like to have a look, go to https://gitlab.com/Mactroll/NoMAD
Ping me on Slack (@ftiff) if you intend to contribute, so I can invite you to the "secret channel".