AutoAdminLogon behavior changes with SecureLogin installed in LDAP GINA mode

  • 7004882
  • 18-Nov-2009
  • 26-Apr-2012

Environment

Novell SecureLogin
NSL7
Windows XP SP3 workstations
AutoAdminLogon configured
No Novell client installed
NSL installed in LDAP GINA mode

Situation

User is prompted for SecureLogin credentials after seamlessly logging in to the workstation with AutoAdminLogon.
Workstation does not pause at the SecureLogin GINA during bootup; SecureLogin GINA does not appear as the workstation GINA.

Resolution

Working as designed.

When using AutoAdminLogon, install SecureLogin in either Credential Manager mode or (better) in Application mode.

Additional Information

The three LDAP installation options for SecureLogin were designed for different purposes. GINA mode (option to launch SecureLogin WHEN logging into Windows) replaces the workstation GINA. It prompts the user for credentials and authenticates to the directory via LDAP, and also logs on to the Windows workstation or domain. GINA mode was not intended for use with AutoAdminLogon and does not work with it. Unexpected results may occur.

Credential Manager mode (option to launch SecureLogin AFTER logging into Windows) does not change the workstation GINA, but registers SecureLogin as a credential manager. As such, SecureLogin receives notification from Windows when authentication events occur. SecureLogin takes the credentials entered in the workstation GINA (either the Windows or Novell Client GINA) and uses them to make an LDAP connection to eDirectory and launch SecureLogin. Credential Manager mode works well with AutoAdminLogon in that no user intervention is required to authenticate to Windows or to eDirectory (via LDAP). It should be noted, however, that SecureLogin will be opened as the user for whom AutoAdminLogon is enabled. This may not be what is desired.

Application mode ("When SecureLogin starts" installation option) was actually designed with AutoAdminLogon in mind. In Application mode, the user must manually authenticate to the directory and launch SecureLogin through the SecureLogin login dialog. There is no provision to seamlessly make an LDAP connection to the directory in Application mode. Application mode works well with AutoAdminLogon; the Windows desktop is built with a generic user already logged in, and the SecureLogin authentication dialog is presented for the eDirectory login. When finished, users then log out of the directory only, leaving the workstation still up and running as the generic Windows user. A new user can then log in to the directory and launch SecureLogin. Adding DAS or SecureWorkstation for fast user switching and to lock down the workstation results in a typical SecureLogin kiosk implementation.
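
One way to find workstations in the state described under Situation, as an added example that is not Novell's code: the function below reads the standard Winlogon registry values (AutoAdminLogon, DefaultUserName, GinaDLL) and flags a machine where automatic logon is enabled while the default GINA has been replaced. The function name is hypothetical, and because this document does not give the SecureLogin GINA file name, the check reports any GINA other than msgina.dll.

```powershell
# Added example: audit Winlogon for AutoAdminLogon combined with a replaced GINA.
# Test-AutoLogonGinaConflict is a hypothetical name, not a SecureLogin or Windows cmdlet.
function Test-AutoLogonGinaConflict {
    param(
        # Standard Winlogon key on Windows XP; a parameter so a loaded offline hive can be checked too.
        [string]$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $w = Get-ItemProperty -Path $WinlogonPath -ErrorAction Stop

    # AutoAdminLogon is a string value; "1" enables automatic logon.
    $autoLogon = ("$($w.AutoAdminLogon)" -eq '1')

    # When no GinaDLL value exists, Windows XP loads the default msgina.dll.
    $gina = if ($w.GinaDLL) { [string]$w.GinaDLL } else { 'msgina.dll' }
    $ginaReplaced = ([System.IO.Path]::GetFileName($gina) -ne 'msgina.dll')

    # The registry alone does not say which product owns a replacement GINA,
    # so the finding asks the administrator to confirm it is SecureLogin's.
    $finding = if ($autoLogon -and $ginaReplaced) {
        'AutoAdminLogon is enabled and the workstation GINA is replaced. If the GINA belongs to SecureLogin (LDAP GINA mode), reinstall in Credential Manager or Application mode.'
    } elseif ($autoLogon) {
        'AutoAdminLogon is enabled with the default GINA. Credential Manager or Application mode is appropriate.'
    } else {
        'AutoAdminLogon is not enabled.'
    }

    # New-Object PSObject keeps this compatible with PowerShell 2.0 on Windows XP.
    New-Object PSObject -Property @{
        AutoAdminLogon = $autoLogon
        AutoLogonUser  = [string]$w.DefaultUserName   # account SecureLogin opens as in Credential Manager mode
        GinaDLL        = $gina
        GinaReplaced   = $ginaReplaced
        Finding        = $finding
    } | Select-Object AutoAdminLogon, AutoLogonUser, GinaDLL, GinaReplaced, Finding
}

Test-AutoLogonGinaConflict | Format-List
```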