NoMAD and NoMAD Login

While joining Macs to Windows Active Directory domains has been straight-forward for many years, network “mobile” accounts are handled poorly. Most notably, how Macs deal with password changes to mobile accounts made on systems other than themselves (such as the Campus ID website, or even other Macs) is a headache that NoMAD and NoMAD Login address.

Login Keychains

Your Mac’s Login Keychain keeps all your saved logins. Even if you don’t save your passwords on a Mac a Login Keychain is required for all accounts. The Login Keychain’s password is kept in sync with your account’s password. When in sync logging in automatically unlocks the Login Keychain. However, once you change your password via methods other than your Mac itself your account password changes but the Login Keychain password does not. The next time you sign in to your Mac it will recognize the sync is broken and present a cryptic prompt about your Login Keychain. Most users don’t know what to with the Login Keychain prompt, let alone even know what a Login Keychain is, and a bad selection here can be catastrophic to productivity. To make matters worse the Login Keychain prompt often glitches out and disappears!

The ideal solution to the Login Keychain prompt is to select Update Keychain Password and then enter your previous Mac password. However, with many users working from home for extended periods they may not remember their previous password.

Another common issue is that users are confused by the prompt and elect to ignore it by clicking Continue Log In. The user will successfully get to their desktop but will be hounded by dozens of never-ending pop-ups from every application needing access to its saved Keychain Login entry. To make matters worse (this is a common thread isn’t it?), the prompt doesn’t come back next log in like you’d expect since the issue isn’t solved. Re-syncing the Login Keychain after the user selects Continue Log In involves complex Terminal commands.

If the third option is selected, Create New Keychain, the user will temporarily lose all their saved log ins and be required to sign back in to applications like Office, Dropbox, and iCloud. If the user is a “power user” and has many websites and applications saved in their Login Keychain this can be catastrophic to productivity. IT is required to help them manually restore and re-sync the previous Login Keychain (located it ~/Library/Keychains).