8.13 Setting Up NMAS Based Windows Logon

The NMAS for Windows Logon support allows the smart card to be used for a workstation login when eDirectory is not available or eDirectory login is not desired. This is useful in situations where network connectivity is not always available, such as for laptop users.

To enable the NMAS for Windows Logon feature:

After enabling NMAS for Windows Logon feature, you can disable it for a specific workstation as well as exempt some users from using it.

After a successful eDirectory plus workstation login (enrollment), the NMAS for Windows Logon functionality encrypts and stores the credentials for future computer only logins. This means that a successful enrollment must have occurred before NMAS for Windows Logon functionality is available.

8.13.1 Enrolling Users for “NMAS for Windows Logon”

  1. Insert the smart card that is configured in the eDirectory. For more information, see Configuring the Server in the Novell Enhanced Smart Card Method Installation and Administration Guide.

  2. On the Log on to Novell Network page, enter the eDirectory username and pin.

  3. Click Show Advanced Options to display the Novell Login dialog box.

  4. On the eDirectory tab, specify the tree name, tree context, and the server name.

  5. On the NMAS tab, select the sequence as Enhanced Smart Card, then click Apply.

  6. Click the icon.

    You are logged in to the network through the eDirectory credentials.

  7. On the Log on to this Computer page, specify the Windows user credentials (username and password), then click the login icon.

    You are logged on to the workstation through the Windows credentials.

  8. Log out of the workstation.

    For subsequent logins, it's enough to provide the enrolled local user name, the smart card and the smart card pin, and you are seamlessly logged on to the workstation.

8.13.2 Performing an NMAS Based Windows Logon

  1. Insert the smart card that is configured in the eDirectory.

  2. On the Windows 8/ Windows 7/ Windows 2012 credential provider page, click Computer Only Logon, to display the Log on to this computer screen.

  3. Select Use NMAS for Windows Logon check box, enter the enrolled local username, and the smart card pin.

    NOTE:You can also login using your password if Require Smart Card for Workstation Only Login is not enabled at the time of IAS client installation. For more information, refer <IAS Section>. Deselect the Use NMAS for Windows Logon check box for a Windows password based login. It is recommended to remove the smart card from the smart card reader during this login.

  4. Click the icon and you are logged on to the workstation.

8.13.3 Creating an Exception List

Exception List is used to exempt some users from using NMAS based Windows Logon. This can be used only when the Require Smart for Workstation Only Login check box is enabled at the time of IAS client installation.

  1. Open Windows registry editor.

  2. Create a key named Disconnected Login under HKEY_LOCAL_MACHINE > SOFTWARE > NOVELL > Login.

  3. Right-click to create a value named Enforcement Exception List of type multi-string value.

  4. Open the Enforcement Exception List entry, add usernames that have to be exempted from NMAS based Windows Logon, then click OK.

    Separate each username with a Return Key press.

    NOTE:The usernames can be in any of the following formats: simple user names such as john, user names preceded by domain names (for example, domainname\john), and UPN format user names such as john@domainname.com.

  5. Close the registry.

    You have successfully created an exception list. Users in this list can login using their password after deselecting the Use NMAS for Windows Login check box in the Windows Log on to this computer page.

8.13.4 Suppressing the NMAS Support for Computer Only Logon

  1. Right-click the icon in the notification area.

  2. Click Novell Client Properties to display the Novell Client for Windows Properties dialog box.

  3. On the Advanced Login tab, select Suppress NMAS Support for Computer Only Logon, then select On in the Setting list.

    By default, the value of Settings is set to Off.

    You have successfully suppressed the NMAS support for computer only logon for this workstation. In the consecutive login attempts, you can log on to the workstation using password.