Unexpected behavior with AutoAdminLogon and SecureLogin in LDAP GINA mode

  • 7004883
  • 18-Nov-2009
  • 26-Apr-2012

Environment

Novell SecureLogin
NSL7
Windows XP SP3 workstations
AutoAdminLogon configured
No Novell client installed
NSL installed in LDAP GINA mode

Situation

User is prompted for SecureLogin credentials after seamlessly logging in to the workstation with AutoAdminLogon.

Workstation does not pause at the SecureLogin GINA during bootup; SecureLogin GINA does not appear as the workstation GINA.

Resolution

When using AutoAdminLogon, install SecureLogin in either Credential Manager mode or (preferred) Application mode. SecureLogin GINA mode was not designed for AutoAdminLogon.

Additional Information

The three LDAP installation options for SecureLogin were designed for different purposes.  GINA mode (option to launch SecureLogin WHEN logging into Windows) replaces the workstation GINA.  It prompts the user for credentials and authenticates to the directory via LDAP, and also logs on to the Windows workstation or domain.  GINA mode was not intended for use with AutoAdminLogon and does not work well with it.  Unexpected results may occur.

Credential Manager mode (option to launch SecureLogin AFTER logging into Windows) does not change the workstation GINA, but registers SecureLogin as a credential manager. As such, SecureLogin receives notification from Windows when authentication events occur. SecureLogin takes the credentials entered in the workstation GINA (either the Windows or Novell Client GINA) and uses them to make an LDAP connection to eDirectory and launch SecureLogin. Credential Manager mode works with AutoAdminLogon in that no user intervention is required to authenticate to Windows or to eDirectory (via LDAP). It should be noted, however, that SecureLogin will be opened as the user for whom AutoAdminLogon is enabled. This may not be what is desired.

Application mode ("When SecureLogin starts" installation option) was designed with AutoAdminLogon in mind. In Application mode, the user must manually authenticate to the directory and launch SecureLogin through the SecureLogin login dialog; there is no provision to seamlessly make an LDAP connection to the directory in Application mode. Application mode works well with AutoAdminLogon: the Windows desktop is built with a generic user already logged in, and the SecureLogin authentication dialog is presented for the eDirectory login. When users log out of the directory, the workstation remains up and running with the generic Windows user still logged in. A new user can then log in to the directory and launch SecureLogin. Adding DAS or SecureWorkstation for fast user switching and to lock down the workstation results in a typical SecureLogin kiosk implementation.
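
To find workstations carrying the combination described above (AutoAdminLogon together with a replaced workstation GINA), the following added example, which is not part of the original article or of SecureLogin, audits saved output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"`. The sample output is constructed, `example_gina.dll` is a placeholder because the article does not name the SecureLogin GINA file, and the check cannot tell which product installed a replacement GINA.

```python
import re

# Constructed samples of reg.exe output for the Winlogon key (tab-separated,
# as on Windows XP). "example_gina.dll" is a placeholder file name.
SAMPLE_CONFLICT = """
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
    AutoAdminLogon\tREG_SZ\t1
    DefaultUserName\tREG_SZ\tkiosk
    GinaDLL\tREG_SZ\texample_gina.dll
    Shell\tREG_SZ\tExplorer.exe
"""
SAMPLE_OK = """
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
    AutoAdminLogon\tREG_SZ\t1
    DefaultUserName\tREG_SZ\tkiosk
    Shell\tREG_SZ\tExplorer.exe
"""

# Value lines are indented: <name> <REG_type> <data>; the key line is not.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Return {lowercased value name: data} from reg query output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values

def audit_winlogon(text):
    """Classify one workstation's Winlogon settings."""
    v = parse_reg_query(text)
    # AutoAdminLogon is normally REG_SZ "1"; accept a DWORD rendering too.
    auto = v.get("autoadminlogon", "0").lower() in ("1", "0x1")
    gina = v.get("ginadll", "")
    # No GinaDLL value means Windows loads its default msgina.dll.
    replaced = bool(gina) and gina.lower().rsplit("\\", 1)[-1] != "msgina.dll"
    if auto and replaced:
        finding = "conflict"  # the combination this article advises against
    elif auto:
        finding = "autologon-default-gina"  # fits Credential Manager/Application mode
    elif replaced:
        finding = "replacement-gina"
    else:
        finding = "default"
    return {"finding": finding, "gina": gina or "msgina.dll",
            "autologon_user": v.get("defaultusername") if auto else None}

if __name__ == "__main__":
    for name, out in (("conflict", SAMPLE_CONFLICT), ("ok", SAMPLE_OK)):
        print(name, audit_winlogon(out))
```

The `autologon_user` field shows which account SecureLogin would be opened as if the workstation were moved to Credential Manager mode.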