Smartcard authentication (with Kerberos) fails with Active Directory

  • 7006987
  • 16-May-2012
  • 02-Jul-2012

Environment

Novell ZENworks Configuration Management 11.1 Authentication
Novell ZENworks Configuration Management 11.2 Authentication

Situation

The User Source for Kerberos is configured according to the documentation: https://www.novell.com/documentation/zenworks11/zen11_system_admin/data/bmrfv9q.html

When a user tries to log in with the smart card, the ZCM authentication window still appears and authentication fails.

Resolution

A fix for this issue is intended to be included in a future update to the product. In the interim, Novell has made a Patch available for testing, in the form of a Field Test File (FTF). It can be obtained at https://download.novell.com/Download?buildid=Ejpjt5za7gc~ as "ZCM 11.2.x fix for smartcard (Kerberos) authentication fails on AD - see TID 7006987". This Patch should only be applied if the symptoms above are being experienced and are causing problems.

This Patch has had limited testing and should not be used in a production system without first being checked in a test environment. Some Patches have specific requirements for deployment, so it is very important to follow any instructions in the readme at the download site. Please report any problems encountered when using this Patch by using the feedback link on this TID.

Cause

The userPrincipalName attribute in AD had been changed from the login name to a different value (in this case, the smartcard serial number). When the CASA service performs its LDAP lookup, it searches for the login name, and the search fails.
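
One way to check which accounts are in the state described above, as an added example (not part of the original TID or Novell's code): the script parses an LDIF export of AD users and lists accounts whose userPrincipalName prefix differs from the login name. It assumes the login name is stored in sAMAccountName; the sample data and function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF export (not from the article). "bob" mimics the
# case described above: userPrincipalName holds a card serial number.
# Assumption: the "login name" is the sAMAccountName attribute.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
sAMAccountName: alice
userPrincipalName: alice@example.test

dn: CN=Bob Example,OU=Staff,DC=example,DC=test
sAMAccountName: bob
userPrincipalName: 0004
 1234567@example.test

dn: CN=Carol Example,OU=Staff,DC=example,DC=test
sAMAccountName: carol
userPrincipalName:: Q2Fyb2xAZXhhbXBsZS50ZXN0
"""

def parse_ldif(text):
    """Return one {lowercased attribute: first value} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(name.strip().lower(), value.strip())
    return entries

def upn_mismatches(entries):
    """(login name, UPN) pairs where the UPN prefix is not the login name."""
    pairs = [(e.get("samaccountname"), e.get("userprincipalname")) for e in entries]
    return [(s, u) for s, u in pairs
            if s and u and u.rpartition("@")[0].lower() != s.lower()]

if __name__ == "__main__":
    for sam, upn in upn_mismatches(parse_ldif(SAMPLE_LDIF)):
        print(f"{sam}: userPrincipalName is {upn}")
```

The comparison is case-insensitive, and entries that lack either attribute are skipped rather than reported.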

Status

Reported to Engineering