Unable to seamlessly log in to eDir with smart card after AD login

  • 7008382
  • 15-Apr-2011
  • 11-Jun-2013

Environment

Windows 7
Windows 2008 R2
Novell Client 2 SP1 IR5
Enhanced Smart Card Method 3.0.7
"Novell Login" set to "Off" in Novell Client settings
"Login with Non-Novell Credential Provider" set to "On" in Novell Client settings

Situation

Smart Card login is not "passed through" from Active Directory to eDirectory
Unable to log in to eDir with smart card on boot up
Novell Client / smart card login is not called after a successful AD smart card login.
User is prompted to log in to eDir after logging on to AD.

Resolution

Beginning with Novell Client 2 SP3 for Windows (IR2), the Microsoft "SmartCardLogonNotify" policy is enabled when turning on "Login with non-Novell Credential Provider".

Prior to this release, it was necessary to create the following registry value:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"SmartCardLogonNotify"=dword:00000001
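
On clients older than Novell Client 2 SP3 (IR2), the value above can be audited and set by script. The PowerShell below is an added example, not Novell's code; the `-Remediate` switch and the `Get-NotifyState` function name are assumptions made for illustration.

```powershell
# Added example: audit and, if asked, set the SmartCardLogonNotify value from this article.
# Run from an elevated session; writing under HKLM requires administrator rights.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remediate   # hypothetical switch: without it the script only reports
)

$keyPath   = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$valueName = 'SmartCardLogonNotify'
$expected  = 1

function Get-NotifyState {
    # Returns 'Missing', 'Mismatch' (wrong type or data) or 'Compliant'.
    if (-not (Test-Path -LiteralPath $keyPath)) { return 'Missing' }
    $item = Get-ItemProperty -LiteralPath $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Missing' }
    $kind = (Get-Item -LiteralPath $keyPath).GetValueKind($valueName)
    if ($kind -ne 'DWord' -or $item.$valueName -ne $expected) { return 'Mismatch' }
    return 'Compliant'
}

$before = Get-NotifyState
$after  = $before

if ($before -ne 'Compliant' -and $Remediate) {
    # Create the Notify key only if it is absent, so existing values under it are kept.
    if (-not (Test-Path -LiteralPath $keyPath)) {
        if ($PSCmdlet.ShouldProcess($keyPath, 'Create registry key')) {
            New-Item -Path $keyPath -Force | Out-Null
        }
    }
    # -Force overwrites a value that exists with the wrong type or data.
    if ($PSCmdlet.ShouldProcess("$keyPath\$valueName", "Set DWORD to $expected")) {
        New-ItemProperty -LiteralPath $keyPath -Name $valueName `
            -PropertyType DWord -Value $expected -Force | Out-Null
    }
    $after = Get-NotifyState
}

# One object per machine, suitable for Export-Csv when collected across a fleet.
[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Value    = $valueName
    Before   = $before
    After    = $after
}
```

Run without arguments to report only; add `-Remediate -WhatIf` to preview the change before applying it.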

Cause

By default, Windows 7 and Windows 2008 R2 do not notify other providers of a smart card login. Although not tested, we suspect that other Windows 6.x operating systems may behave the same way.

Additional Information

"Red N" login after desktop is built works fine with smart card.
User successfully logs in to both AD and eDir if logging in with a password method.
Logging in seamlessly with a smart card to both AD and eDir works fine with Windows XP and the 4.91sp5 client (with the Novell Client set to "passive mode.")