Novell Enhanced Smart Card Method 3.0.1 - Installation Guide
www.novell.com
July 17, 2007

Summary of Contents (page excerpts)

  • Page 2 Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks: For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials: All third-party trademarks are the property of their respective owners.
  • Page 5: Table Of Contents

    Novell Client Passive Mode Login ...
  • Page 6 Novell Client Single Sign-On Issues ...
  • Page 7: About This Guide

    Chapter 8, “Novell Audit Integration,” on page 43. Appendix A, “Silent Method Installation on Workstations,” on page 45. Documentation Conventions: In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. ...
  • Page 9: Overview

    The Novell Enhanced Smart Card Method (NESCM) is a Novell Modular Authentication Services (NMAS) method that provides smart-card-based authentication to eDirectory. Smart card authentication is a two-factor authentication technique: something you know (the smart card PIN) and something you have (the smart card).
  • Page 11: Novell Enhanced Smart Card Method Installation

    This section describes the installation of the Novell Enhanced Smart Card Method (NESCM). Section 2.1, “Minimum Requirements,” on page 11. Section 2.2, “Installing the Method,” on page 12. 2.1 Minimum Requirements: NESCM has the following minimum requirements: Section 2.1.1, “eDirectory Server,” ...
  • Page 12: Installing The Method

    Installation consists of installing the method on the eDirectory server and on the client workstations. 2.2.1 eDirectory Server - Method Installation: The method is installed using iManager. 1. Log in to iManager as an Administrator.
  • Page 13 New Login Method (Figure 2-1). 3. Click Browse and select the EnhancedSmartCard.zip file that comes with the method. This zip file contains the server components and the iManager components. Specify Method File (Figure 2-2).
  • Page 14 5. Review the method information and modify the values as needed. If you don’t change the name, the default name (Enhanced Smart Card) is used for the method and login sequence name. Review Screen (Figure 2-4). 6. Click Finish.
  • Page 15: Client Workstation Installation

    The method must be installed on each workstation. 1. Log in to each workstation as an Administrator. 2. Run Setup.exe. This installation program is located in the ...\enhancedsmartcard\client directory. 3. Review the Welcome Screen, then click Next. Welcome Screen (Figure 2-6).
  • Page 16 License Agreement (Figure 2-7). 5. Choose whether you need disconnected support, then click Next. Disconnected support allows you to log in to the workstation locally, using the smart card, when no eDirectory server is reachable. Disconnected Support Page (Figure 2-8).
  • Page 17 The ID Plugin does a sub-tree search starting at the specified base. ID Plugin Options Page (Figure 2-10). 8. To use a custom password field description, select Customize password field description and type the custom description, then click Next.
  • Page 18 You can distribute the method to each workstation automatically using tools such as ZENworks. See Appendix A, “Silent Method Installation on Workstations,” on page 45 for detailed information about scripting the method install.
  • Page 19 Installation Screen (Figure 2-13).
  • Page 21: Configuring The Client

    3.3 Custom Password Field Descriptor: Novell Client uses a default "password" string to label the password entry field. When using a smart card, users enter the card's PIN, not a password, to log in. To help eliminate confusion, a custom string can be specified that is used instead of the default "password" ...
  • Page 22: Smart Card Interface

    3.6 Novell Client Passive Mode Login: Passive Mode Login is new functionality added to Novell Client 4.91 SP3. In passive mode, Novell Client defers to the default Microsoft GINA for the initial Windows login. After authentication to the workstation, Novell Client attempts to authenticate to the Novell environment.
  • Page 23 PassiveModeNDSLoginRequired: 0 = don't require Novell login; 1 = require Novell login. Additional information regarding Novell Client passive mode and the method: if PassiveModeNDSLoginRequired is set to True (1), the login experience requires a successful Novell authentication in order to succeed. With the value 0, the Windows login can complete even when the subsequent Novell (smart card) authentication fails, so the card is not enforced at the workstation.
  • Page 25: Configuring The Server

    The method is configured by using the iManager Smart Card Login plug-in. The method allows administrators to configure settings for the whole tree, partitions, containers, or individual users. The plug-in has the following options. Global Settings: the global settings are used to specify policies for the whole tree. Options configured globally apply to all user objects in the tree.
  • Page 26: OCSP Trusted Root Containers

    Certificate: Certificate matching checks the login certificate against the list of certificates configured for the user object. Certificate-based matching is more restrictive than subject name matching because only a configured certificate can be used for login; a re-issued card with the same subject name must be re-enrolled on the User object.
  • Page 27: Certificate Expiration Warning

    No Matching: No matching means that no part of the login certificate must be configured on the target user account. Typically, this option would not be used for regular user accounts. A potential use would be for guest accounts. A guest account could be configured as no matching, and then anyone holding a certificate that passes the method's validation (issued under a configured trusted root, unexpired, and not revoked) could log in to the account.
  • Page 29: Basic Configuration Requirements

    The method has a 90-day trial period. After the trial period, a valid license key must be entered to activate the method. A license key can be obtained from your Novell sales representative. To enter a license key, click Smart Card Login > Global Setting. Click Activate Method and enter a valid license key.
  • Page 30 Create Trusted Root Container Page (Figure 5-2). 2. Import trusted root certificates. 2a. Select Novell Certificate Server > Create Trusted Root. 2b. Provide a name, select the trusted root container created in Step 1, then select the certificate to import.
  • Page 31: Configuring Certificate Revocation Checking

    3c. Click OK. Search Containers Page (Figure 5-4). 5.3 Configuring Certificate Revocation Checking: Trusted root containers are automatically added to the OCSP and CRL certificate revocation checking lists. Modify the lists as necessary and enable the proper revocation checking option. If neither option is enabled, revocation is never checked and the certificate on a lost or stolen card remains usable until it expires. In Figure 5-5 on page 32, both OCSP and CRL revocation checking are enabled.
  • Page 32: Configuring Users

    The subject name from the login certificate is configured for the user object. This is done by selecting Add and entering the subject name. The subject name can be entered directly, read from a smart card in an attached card reader, or read from a certificate file.
  • Page 33 DER and PEM certificate files are supported. Add Subject Name Page (Figure 5-6). Figure 5-7 on page 33 is an example of a User object properly configured for subject name matching: Subject Name Matching Page (Figure 5-7).
  • Page 34: Certificate Matching

    The certificate can be read from a smart card in an attached card reader, or read from a certificate file. DER and PEM certificate files are supported. Add a Certificate Page (Figure 5-8). Below is an example of a User object properly configured for certificate matching:
  • Page 35: Temporary Certificates

    Certificate Matching Page (Figure 5-9). 5.4.3 Temporary Certificates: A temporary classification can be assigned to certificates or subject names. This is done by selecting the Temporary check box when adding the certificate information. This can be useful in situations where a temporary smart card is assigned to an individual. A typical case might be when an individual misplaces or forgets his or her regular smart card.
  • Page 36 Temporary Certificate Subject Name Page (Figure 5-10).
  • Page 37: Troubleshooting

    6.2 Workstation Issues: The following issues apply to workstations: Section 6.2.1, “Smart Card Issues,” on page 38; Section 6.2.2, “Identity Plug-in Issues,” on page 38; Section 6.2.3, “Novell Client Single Sign-On Issues,” on page 38.
  • Page 38: Smart Card Issues

    6.2.3 Novell Client Single Sign-On Issues: The single sign-on functionality in Novell Client 4.91 SP3 does not work correctly. The problem has been identified and the Novell Client team is releasing a fix. Download and install the fix from the Novell Support Web site (http://www.novell.com/support/supportcentral/supportcentral.do?id=m1).
  • Page 39: Certificate Validation Issues

    6.3.2 Certificate Validation Issues: If the method fails with an Invalid Certificate or Certificate Validation Failed message, the method was unable to validate the certificate sent by the workstation. Check the following items: the certificate on the smart card has not expired and has not been revoked by the issuing Certificate Authority. ...
  • Page 41: Security Administrator's Guide

    7.5 Restricting Authentication Methods: Users can be restricted to using the smart card authentication method only. This is accomplished by restricting the user to a specified NMAS authentication sequence. Without such a restriction, any other NMAS sequence enabled for the user (for example, a password-only login) remains usable, so the smart card is not actually enforced. The NMAS Administration Guide (http://www.novell.com/documentation/nmas311/index.html) describes how to do this.
  • Page 42: Identity Plug-In

    Disconnected login keeps an encrypted copy of the password on the workstation. The password is encrypted using a 128-bit AES key generated by using the private key on the smart card. This should be a consideration when choosing whether to use the disconnected login functionality.
  • Page 43: Novell Audit Integration

    The method can report login events to the Novell Audit system. The smart card login events include specific information about the certificate used for login (Serial Number, Subject Name, Issuer, Expiration Date). In order to report audit events, the audit system must be installed and properly configured for eDirectory.
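    The checks the server performs before a smart card login succeeds (the matching modes on pages 26 and 27, the revocation checking on page 31, the Certificate Validation Issues list on page 39, and the four audit fields above) can be reproduced outside eDirectory with the openssl command line. The script below is an example added for this page; it is not Novell code and does not talk to NMAS, iManager or Novell Audit. It builds a throwaway issuing CA standing in for a trusted root container, issues one certificate standing in for the certificate on a user's smart card, and then runs the server-side order of operations: trust chain plus CRL check, expiry check, then subject-name, certificate or no matching against what is configured on the User object, and finally the audit fields. The CA name, the user jdoe, the paths, and the NESCM_DEMO and NESCM_DEMO_DIR variables are all constructed for the example.

```shell
#!/bin/sh
# Added example for this page, not Novell code: reproduces the server-side
# certificate checks of the smart card method with the openssl CLI.
# Everything here (CA name, user jdoe, paths, variables) is constructed for the demo.
set -eu

WORK="${NESCM_DEMO_DIR:-$(mktemp -d)}"   # scratch directory (assumed location)

# Build a throwaway issuing CA, one "smart card" certificate for jdoe and an
# (initially empty) CRL. The CA stands in for a trusted root container entry.
build_demo_ca() {
  mkdir -p "$WORK/ca/newcerts"
  : > "$WORK/ca/index.txt"
  echo 01 > "$WORK/ca/serial"
  echo 01 > "$WORK/ca/crlnumber"
  cat > "$WORK/ca.cnf" <<EOF
[ req ]
distinguished_name = req_dn
prompt = no
x509_extensions = ca_ext
[ req_dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ ca ]
default_ca = demo
[ demo ]
dir = $WORK/ca
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
crlnumber = \$dir/crlnumber
certificate = $WORK/root.pem
private_key = $WORK/root.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = demo_policy
[ demo_policy ]
organizationName = optional
organizationalUnitName = optional
commonName = supplied
EOF
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" -days 30 \
    -subj "/O=Example/CN=Example Issuing CA" >/dev/null 2>&1
  openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/card.key" -out "$WORK/card.csr" \
    -subj "/O=Example/OU=users/CN=jdoe" >/dev/null 2>&1
  openssl ca -batch -config "$WORK/ca.cnf" -notext \
    -in "$WORK/card.csr" -out "$WORK/card.pem" >/dev/null 2>&1
  openssl ca -config "$WORK/ca.cnf" -gencrl -out "$WORK/crl.pem" >/dev/null 2>&1
}

# Step 1, the "Certificate Validation Failed" checks: chain to a trusted root,
# CRL revocation check, then expiry. Returns 0 only if all three pass.
validate_login_cert() {
  cat "$WORK/root.pem" "$WORK/crl.pem" > "$WORK/trust.pem"   # trusted roots + CRL list
  openssl verify -crl_check -CAfile "$WORK/trust.pem" "$1" >/dev/null 2>&1 || return 1
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1     # non-zero once notAfter has passed
}

# Revoke a card's certificate at the issuing CA and publish a fresh CRL.
revoke_login_cert() {
  openssl ca -config "$WORK/ca.cnf" -revoke "$1" >/dev/null 2>&1
  openssl ca -config "$WORK/ca.cnf" -gencrl -out "$WORK/crl.pem" >/dev/null 2>&1
}

cert_subject()     { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
cert_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*Fingerprint=//'; }

# Step 2, matching against what is configured on the User object:
#   subject      the configured subject DN must equal the login certificate's subject
#   certificate  the configured certificate must be the same certificate (compared by SHA-256)
#   none         no matching: any certificate that passed step 1 is accepted (guest accounts)
match_login_cert() {
  cert="$1"; mode="$2"; configured="${3:-}"
  case "$mode" in
    subject)     [ "$(cert_subject "$cert")" = "$configured" ] ;;
    certificate) [ "$(cert_fingerprint "$cert")" = "$(cert_fingerprint "$configured")" ] ;;
    none)        return 0 ;;
    *)           echo "unknown matching mode: $mode" >&2; return 2 ;;
  esac
}

# The four certificate fields the guide lists for Novell Audit login events.
audit_fields() {
  openssl x509 -in "$1" -noout -serial -subject -issuer -enddate -nameopt RFC2253
}

# Stand-alone run: NESCM_DEMO=1 sh nescm_checks.sh
if [ "${NESCM_DEMO:-0}" = "1" ]; then
  build_demo_ca
  validate_login_cert "$WORK/card.pem" && echo "accepted before revocation"
  match_login_cert "$WORK/card.pem" subject "CN=jdoe,OU=users,O=Example" && echo "subject name matches"
  audit_fields "$WORK/card.pem"
  revoke_login_cert "$WORK/card.pem"
  validate_login_cert "$WORK/card.pem" || echo "rejected after revocation"
fi
```

    The order matters: matching is only meaningful for a certificate that already chains to a configured trusted root and is neither expired nor revoked, which is why the "no matching" guest mode still depends on step 1 being configured properly.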
  • Page 45: A Silent Method Installation On Workstations

    NOTE: You cannot use spaces in the PASSWORD_FIELD_DESC parameter on the command line. If spaces are required in the password field descriptor, you need to set the following registry value manually: HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\Tab Settings\Credentials\PasswordFieldDescription. Table A-1, Parameters for the Novell Enhanced Smart Card Method Installer (columns: Parameter, Required, Description), continues on the next page.
  • Page 46 Table A-1 (continued):

    Parameter                        Required                 Description
    ID_PLUGIN_LDAP_SEARCH_BASE       (not shown in excerpt)   LDAP search base DN; specified if ID_PLUGIN_SUPPORT=... Example: ou=users,o=novell
    ID_PLUGIN_LDAP_SEARCH_TIMEOUT    No                       LDAP search timeout, integer; specified if ID_PLUGIN_SUPPORT=... Example: 10
    ID_PLUGIN_LDAP_SERVERS           (not shown in excerpt)   Space-separated list of LDAP servers; specified if ID_PLUGIN_SUPPORT=... Example: “123.45.123.45:389 123.45.123.46:389”
