Unable to unlock workstation with eDir password with NSL installed in LDAP Application mode

  • 3771404
  • 06-Nov-2006
  • 26-Apr-2012

Environment

Novell SecureLogin

NSL6

NSL installed in LDAP mode

NSL/LDAP installed in Application mode (i.e. the option to log in to NSL/LDAP when SecureLogin starts is selected)

Secure Workstation

Secure Workstation locks workstation after period of inactivity

No Novell Client present on the workstation

Situation

Unable to unlock workstation with eDir password when NSL6 is installed in LDAP Application mode.

Windows password is required to unlock the workstation when NSL6 is installed in LDAP Application mode.

Resolution

This is working as designed.

Workaround: Install NSL in LDAP GINA mode. When NSL is installed in GINA mode, the option to unlock with eDir credentials is also available. The only practical difference between the two modes is that in GINA mode the first NSL user needs to log in to LDAP/eDir when the workstation is initially booted up. After that, the two modes function exactly the same.

Cause:

To lock the workstation, SecureWorkstation simply calls the Windows API 'LockWorkstation'. After this call, the passwords used to log in at initial bootup are the ones available for unlocking the workstation. When NSL is installed in Application mode, no login to NDS is made at bootup, so the only option for unlocking the workstation is the Windows password.

Installed in GINA mode, NSL authenticates to eDirectory at the time of initial login. Thus unlocking the workstation with the eDir password is only available if SecureLogin is installed in GINA mode.

TID 3009412, "Description of NSL LDAP installation options", provides additional information on the various NSL/LDAP installation modes.