Environment
Novell ZENworks 11 Configuration Management Authentication
Novell ZENworks 11 Configuration Management Policies
Novell ZENworks 10 Configuration Management with Support Pack 2 - 10.2 AuthenticationNovell ZENworks 10 Configuration Management with Support Pack 2 - 10.2 Policies
Situation
Using DLU (Dynamic Local User) policy with options "Use the credential specified below (Always volatile)", "Manage existing user account (if any)", and "Enable Volatile User cache"
Cannot login to local account when disconnected from the network
Cannot login to local account when disconnected from the network
Resolution
ZENworks 11 adds the ability to choose if the User Source Password should be used, as part of the policy, so when using ZENworks 11, the fix shown below is not required - see https://www.novell.com/documentation/zenworks11/zen11_cm_policies/data/bag90oi.html
This is fixed in version 10.2.2 - see KB 7004803 "ZENworks 10 Configuration Management 10.2.2 - update information and list of fixes" which can be found at https://www.novell.com/support
With this version in place, create a registry value
With this version in place, create a registry value
\\HKLM\SOFTWARE\Novell\NWGINA\Dynamic Local User\EnableEDirPasswordForFAThis setting will cause the password of the DLU account to be set to the password of the eDirectory user at login time, and it is this password that can be used in disconnected mode. It is therefore necessary for the eDirectory user to login to the workstation when connected to the network, before attempting to login in disconnected mode.
Type : Dword
ValueData : 1
Additional Information
By default, when a DLU account with the option "Use the credential specified below (Always volatile)", the password used is random: from 10.2.2 onwards, this new option allows the password to be set to that of the last logged-in eDirectory user.