The NMAS for Windows Logon support allows the smart card to be used for a workstation login when eDirectory is not available or eDirectory login is not desired. This is useful in situations where network connectivity is not always available, such as for laptop users.
To enable the NMAS for Windows Logon feature:
Install IAS (Identity Assurance Client) 3.0.8. IAS installation triggers Novell Client 2 SP3 for Windows (IR2a) and NESCM 3.0.8 (Novell Enhanced Smart Card Method) installation. For more information on the IAS installation, see Novell Enhanced Smart Card Method Installation in the Novell Enhanced Smart Card Method Installation and Administration Guide.
NOTE:NMAS Client 3.5.1 or later is required for NMAS Based Windows Logon to work. NMAS Client 3.5.1 gets installed by default along with Novell Client 2 SP3 for Windows (IR2a).
Enroll the workstation users with the eDirectory user.
After enabling NMAS for Windows Logon feature, you can disable it for a specific workstation as well as exempt some users from using it.
After a successful eDirectory plus workstation login (enrollment), the NMAS for Windows Logon functionality encrypts and stores the credentials for future computer only logins. This means that a successful enrollment must have occurred before NMAS for Windows Logon functionality is available.
Insert the smart card that is configured in the eDirectory. For more information, see Configuring the Server in the Novell Enhanced Smart Card Method Installation and Administration Guide.
On thepage, enter the eDirectory username and pin.
Clickto display the dialog box.
On thetab, specify the tree name, tree context, and the server name.
On thetab, select the sequence as , then click .
Click the icon.
You are logged in to the network through the eDirectory credentials.
On thepage, specify the Windows user credentials (username and password), then click the login icon.
You are logged on to the workstation through the Windows credentials.
Log out of the workstation.
For subsequent logins, it's enough to provide the enrolled local user name, the smart card and the smart card pin, and you are seamlessly logged on to the workstation.
Insert the smart card that is configured in the eDirectory.
On the Windows 8/ Windows 7/ Windows 2012 credential provider page, click, to display the Log on to this computer screen.
Selectcheck box, enter the enrolled local username, and the smart card pin.
NOTE:You can also login using your password if Require Smart Card for Workstation Only Login is not enabled at the time of IAS client installation. For more information, refer <IAS Section>. Deselect the Use NMAS for Windows Logon check box for a Windows password based login. It is recommended to remove the smart card from the smart card reader during this login.
Click the icon and you are logged on to the workstation.
Exception List is used to exempt some users from using NMAS based Windows Logon. This can be used only when the Require Smart for Workstation Only Login check box is enabled at the time of IAS client installation.
Open Windows registry editor.
Create a key namedunder .
Right-click to create a value namedof type multi-string value.
Open theentry, add usernames that have to be exempted from NMAS based Windows Logon, then click .
Separate each username with a Return Key press.
NOTE:The usernames can be in any of the following formats: simple user names such as john, user names preceded by domain names (for example, domainname\john), and UPN format user names such as firstname.lastname@example.org.
Close the registry.
You have successfully created an exception list. Users in this list can login using their password after deselecting thecheck box in the page.
Right-click the icon in the notification area.
Clickto display the Novell Client for Windows Properties dialog box.
On thetab, select , then select in the list.
By default, the value of Settings is set to Off.
You have successfully suppressed the NMAS support for computer only logon for this workstation. In the consecutive login attempts, you can log on to the workstation using password.