Environment
Novell SecureLogin
Novell ZENworks 10 Configuration Management
Situation
Unable to have a single login that authenticates to NSL, ZCM, and Windows.
Resolution
For a seamless login to all of these products, the GINA must be set to "NWGINA.DLL".
To do this, ensure that "HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon,GINADLL" is set to "NWGINA.DLL".
NWGINA can run in two modes: Passive Mode and Non-Passive mode.
1. Passive Mode:
- NWGina creates a GINA chain to MSGINA.
- MSGINA is presented to the user for authentication.
- Windows Authentication happens first.
- Windows Authentication happens first.
- Credentials passed to NWGINA to authenticate to NSL and ZENworks.
To Enable Passive Mode, create the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NWGINA,PassiveMode=dword:00000001
2.Non-Passive Mode:
- Completely replace MSGINA.
- NSL authentication dialog is presented to the user.
- NSL authentication happens first, then ZENworks Authentication, and finally Windows authentication.
"Non-Passive mode" is the default and NSL and ZCM are installed on the same device and will occur anytime "Passive Mode" it is not explicitly enabled via the registry key above.
Additional Information
Some NSL configurations may require the additional registry key for NSL authentication:
HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\LDAP,DoNTAssoc=dword:00000001
If Novell Client is not used, add the registry key:
HKLM\Software\Protocom\SecureLogin\ForceHKLMandNoDPAPI=1 (DWORD)
If Novell Client is not used, add the registry key:
HKLM\Software\Protocom\SecureLogin\ForceHKLMandNoDPAPI=1 (DWORD)