If you are using Novell® SecureLogin (NSL) in SecretStore mode, upgrade all servers running Novell SecretStore® to version 3.3.2 or later before deploying NSL 3.51.2.
Failure to do this could result in the loss of all secrets for upgraded users.
SecretStore 3.3.2 is provided with NSL 3.51.2. Updates for each supported platform are located in the \SecStore\Server directory.
Because the documentation is continuously updated, documentation is not included on the product CD or download image. Instead, documentation is provided on the Novell Web site. By using this online documentation, you have the latest information, including documentation updates, for the following:
View or download documentation at:
http://www.novell.com/documentation/securelogin3512/index.html
Now you can specify a certificate file through the registry while authenticating to non-eDirectory™ servers including Active Directory and Sun One directory.
NOTE: To make the configurable features mentioned above functional, refer to TID 10093336 on the Novell Support Web site.
Novell International Cryptography Infrastructure (NICI) gets installed automatically when SecureLogin is installed in any of the following modes:
However, if you uninstall SecureLogin, the NICI client remains because other Novell services (for example, NMAS, ConsoleOne®, and NetIdentity) might also need the NICI client.
If you plan to uninstall the NICI client, ensure that it is no longer needed before you remove it. To uninstall the NICI client, use Add/Remove Programs.
On an eDirectory 8.7 Windows 2000 server, if ldapschema.exe is run on a Windows 98 workstation and the Windows 2000 server is running eDirectory 8.7 clients, the client is sometimes unable to read the schema error message.
To resolve this issue, run ldapschema.exe from the Windows 2000 server.
Depending on what files were locked and the options that you select during an install, you might need to reboot the workstation. If this is the case, at the end of the install a dialog box prompts you to log in with administrative rights after the reboot. This applies to all Windows NT*-based operating systems.
Make sure that the first user to log in after the install or reboot has administrative rights to the workstation.
If you have installed all of the following on a workstation, you are disconnected from both the Novell Client™ and LDAP connections when you log off:
User IDs, applications, and password policies must all have unique names. Additionally, you cannot create an application named "Error".
If you install SecureLogin with the SecretStore client in the eDirectory mode, you cannot add an application and name it App1 (for example) if a password policy already exists with the name App1.
Under the following conditions, you might not be able to log in to your workstation:
To solve the problem:
The NetIdentity client does not work if SecureLogin is installed in LDAP non-eDirectory mode. This is because NetIdentity requires the eDirectory environment to work.
If a default login does not contain data, ScptEdit does not display the default login. However, links are displayed through the main User IDs page.
If a SecureLogin 3.51.2 client in SecureLogin 3.0 mode sets a preference that should be filtered out, the data is still saved to the local cache but not to the directory. The result is that a setting might appear to be set at the local client, but you cannot see it in the directory.
When you select the User ID tab from the Manage Logins option, and then try to delete a user ID, you are unable to delete a default login. To delete the default login, you must remove the associated application.
In ConsoleOne, you can set the Cache Refresh Interval on a client workstation to a positive number other than 0. If you change the setting to 0 on a client workstation, the Cache Refresh Interval changes to the default setting, erasing the setting you made in ConsoleOne.
When SecureLogin runs with the Novell Client, the client does not send a change notification to SecureLogin. Old passwords will now unlock the cache. You must log out and log back in (or wait for a cache refresh) for a password change to take effect.
For details, see TID 10092159 on the Novell Support Web site.
If SecureLogin is installed on a Citrix* Metaframe* Presentation Server 3.0, passthrough authentication might not be successful. This occurs if you set up the following configuration on the Citrix server:
When you attempt a connection with the Citrix server, the error message "Unable to find Novell Login window. Press Cancel to stop finding or Retry to continue" is displayed with the window title "SLAA Citrix Server for Novell".
If you click Retry, SecureLogin enters the user credentials in the Novell Login dialog box and passthrough continues normally. If you click Cancel, SecureLogin exits and the Novell Login dialog box prompts you to enter credentials (manually).
For details, see the "Troubleshooting" section in the Nsure SecureLogin 3.51.2 Terminal Services Guide.
To enable SecureLogin for ICA connectivity on Citrix servers, create the following two registry values under the key HKLM\Software\Protocom\VirtualChannel:
AutoDetect REG_SZ 0
protocol REG_SZ ICA
The Secure Workstation Post-Login Method fails if you attempt to log in with it before configuring a Network Policy for Secure Workstation.
To configure a Network Policy:
Some settings, such as Password Protect the System Tray Icon, require you to input a network password. If Microsoft* Active Directory has told a user to change a password during the next login, these settings fail and a system message (for example, password expired or wrong password) is displayed.
In Active Directory's MMC, the Current Object Version (displayed in the Advanced Settings page) might not update immediately when the directory database version is changed. To update, click OK, then exit the MMC Properties dialog box.
When SecureLogin is installed, the NMAS client and, optionally, a number of NMAS login methods can be installed as well. If the NMAS Client is installed, the Novell Client interface changes: the password field disappears.
However, if you uninstall SecureLogin, the NMAS client remains, as does the different-looking Novell Client. The NMAS client and any NMAS methods can be uninstalled through Add/Remove Programs.
If users are to log in to an eDirectory server by using SecureLogin LDAP Authentication and any NMAS method, you must install the NMAS Simple Password. Also, all users authenticating via LDAP must have a simple password assigned to them. Otherwise, the users are prompted to log in more than once.
If you plan to use the LDAP client and any NMAS method, do the following:
If you are currently using the Simple Password method and plan to continue using it with SecureLogin 3.51.2, you must install the NMAS 2.2 version of the Simple Password Login Server Method before installing SecureLogin 3.51.2. NMAS files are on the SecureLogin CD or in the download image.
You receive a Login failed error when you create an NDS® or Simple Password sequence in ConsoleOne. A fix for this issue is targeted for a later release of NMAS.
If the NMAS Sequence Selection dialog box is disabled on LDAP, you have an earlier version of NMAS. To use NMAS over LDAP, install NMAS 2.7, available on the SecureLogin CD.
If you log in using an NMAS method, the script that runs ?syspassword displays incorrect values (instead of the password) if you have not selected Enable Password Field in the Novell Client Login dialog box. To select Enable Password Field:
If your login password contains the delimiter character (|), the SecureLogin client displays the LDAP authentication dialog box for a second time. This issue occurs on a first-time successful authentication to the eDirectory server with SecureLogin installed in LDAP GINA or in Credential manager mode.
To prevent this from happening, avoid using the delimiter character (|) when you create your password.
SecureLogin does not support Universal Password authentication if it is using the Novell LDAP module.
On VMWare*, SecureLogin fails to detect the network connection status. Therefore, SecureLogin will be in the offline mode.
SecureLogin, installed in the Active Directory environment with LDAP as the protocol, gives application errors and closes down when switched to Offline mode.
If you enable LDAP debug logging, SecureLogin might hang. This occurs in the Active Directory environment if you use LDAP as the protocol.
After unlocking the workstation, SecureLogin displays the LDAP login dialog box if all of the following occur:
SecureLogin prompts the user to reauthenticate to ensure that the same user has unlocked the workstation.
For details, see the "Troubleshooting SecureLogin" section in the Nsure SecureLogin 3.51.2 Administration Guide.
If you plan to use SecretStore on the client (SecretStore mode), install or upgrade to SecretStore 3.3.2 on the server before selecting the SecretStore option during the client install.
On Windows 98 in eDirectory SecretStore mode, SecureLogin is unable to unlock the local cache with an NDS password. The passphrase works as expected.
While running TLaunch in the background, tlaunch.exe fails to terminate even after the full script is run or the EndScript command is executed. Tlaunch.exe continues to run even after signing in to the terminal emulator.
To resolve this issue, you can add the KillApp command to the end of the tlaunch.exe script. However, if you are running multiple copies of the terminal emulator, the KillApp command might kill all emulator sessions. To avoid this, use the keystrokes that you normally use to terminate the application. For example: Alt+F4, Alt+F+X, Ctrl+C, or Ctrl+X (depending on the terminal emulator/application that you use).
A fix for this issue is targeted for a later release.
For support, refer to the following:
Customers can also call Novell Technical Support for technical support problems. The support phone number is 1-800-858-4000.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
You may not use, export, or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside.
Copyright © 2005 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, ConsoleOne, Novell Directory Services and NDS, Novell SecretStore, Nsure, and ZENworks are registered trademarks of Novell, Inc. in the United States and other countries.
eDirectory, Client32, NMAS, and Novell Client are trademarks and Novell Technical Services is a service mark of Novell, Inc.
All third-party trademarks are the property of their respective owners.