How to Configure NSL Login to work with ZCM Login

  • 7005947
  • 11-May-2010
  • 30-Apr-2012

Environment

Novell SecureLogin
Novell ZENworks 10 Configuration Management

Situation

Unable to have a single login that authenticates to NSL, ZCM, and Windows.

Resolution


For a seamless login to all of these products, the GINA must be set to "NWGINA.DLL".
To do this, ensure that "HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon,GINADLL" is set to "NWGINA.DLL".
 
NWGINA can run in two modes:  Passive Mode and Non-Passive mode.
 
1. Passive Mode:

- NWGina creates a GINA chain to MSGINA.
- MSGINA is presented to the user for authentication.
- Windows Authentication happens first. 
- Credentials passed to NWGINA to authenticate to NSL and  ZENworks.
 
To Enable Passive Mode, create the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NWGINA,PassiveMode=dword:00000001
 
2.Non-Passive Mode:
 
 - Completely replace MSGINA.
 - NSL authentication dialog is presented to the user.
 - NSL authentication happens first, then ZENworks Authentication, and finally Windows authentication.
 
"Non-Passive mode" is the default and NSL and ZCM are installed on the same device and will occur anytime "Passive Mode" it is not explicitly enabled via the registry key above.

Additional Information

Some NSL configurations may require the additional registry key for NSL authentication:
HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\LDAP,DoNTAssoc=dword:00000001

If Novell Client is not used, add the registry key:
HKLM\Software\Protocom\SecureLogin\ForceHKLMandNoDPAPI=1 (DWORD)