Choosing to install Novell SecureLogin in a Novell eDirectory environment installs Novell SecureLogin on networks that are running eDirectory. This option provides you a secure, centralized storage of user login data by performing encryption on the workstation before the data is saved to eDirectory.
NOTE:The procedures for installing on administrator workstations and user workstations are the same.
The following procedure uses the Microsoft Windows Vista 64-bit installer.
Log in to the workstation as an administrator.
Double-click Novell SecureLogin.msi located in the SecureLogin\Client\x64 directory of the Novell SecureLogin installer package. The Welcome to the Installation Wizard for Novell SecureLogin is displayed.
Click
. The License Agreement page is displayed.Accept the license agreement, then click
.The Destination Folder page is displayed. By default, the program is saved in C:\Program Files\Novell\SecureLogin\.You can accept the default folder or choose to change.
To change, click
and navigate to your desired folder.Click
. Select a Datastore for SecureLogin (that is, the installation environment) page is displayed.Select
as the platform where Novell SecureLogin stores its data, then click .Select the protocol to access eDirectory.
If the Novell Client is installed, the installation program recommends the
option. Otherwise, LDAP is recommended.The following page is displayed only if you have the Novell Client for Windows installed on your machine. Otherwise, LDAP is auto-selected as the protocol.
(Conditional) If you selected Step 7:
inClick Next. Continue with Step 9.d.
(Conditional) If you selected Step 7;
inClick
. The LDAP authentication setup dialog box is displayed.Click
. The LDAP server information dialog box is displayed. Select one of the following options:When Logging into Windows: This is the LDAP (GINA) mode. If you select this option, the default Windows login dialog box is replaced by the Novell SecureLogin authentication dialog box . If the directory authentication is successful, Novell SecureLogin launches seamlessly.
Continue with Step 9.c.
After Successfully logging into Windows: This is the LDAP Credential Manager mode. If you select this option, Novell SecureLogin login dialog box appears after logging in to Windows and before the desktop screen appears. Novell SecureLogin starts seamlessly after the desktop opens.
Select the login user to be associated with your LDAP distinguished user.
Click
. Select how you want to associate your Windows username with the LDAP distinguished name.Click Step 9.c.
and continue withIn the complete mode of installation, the install takes the default values and proceeds with the installation. If the Novell Client is installed, the default account association is Novell Client association. If you do not have the Novell Client installed, the default account association is a Windows association.
However, if you want to associate the account to the Novell Client, change the registry setting in hklm/software/novell/login/ldap as follows:
DoNTAssoc DWORD 1
DoClient32Assoc DWORD 0
When SecureLogin Starts: This is the LDAP authentication mode. Novell SecureLogin launches after the desktop comes up. Otherwise, the desktop loads and you must manually launch Novell SecureLogin.
Continue with Step 9.c.
Click
. Specify the LDAP server information.Click
. The smart card dialog box is displayed.(Conditional) If you want to use a smart card, select Step 12.
>, click then continue withIMPORTANT:If your enterprise policy allows users log in to the workstation by using a smart card, you must select the smart card option.
(Conditional) If you do not want to use a smart card, select Step 14.
>, click , then continue withSelect a cryptographic service provider from which Novell SecureLogin requests PKI credentials through a Microsoft Crypto API.
Select a PKCS#11 compatible library required for accessing the smart card, then click
.This specifies the location of the cryptographic token interface installed as part of the smart card vendor’s software. These API files are used by Novell SecureLogin to communicate with the smart card.
Manually configuring the third-party smart card PKCS library assumes a high level of understanding of the cryptographic service provider’s product.
Select the eDirectory features that you want to install, then click
.You can select both
and .Select the NMAS Methods, such as pcProx and Secure Workstation, then proceed with the installation.
(Conditional) If you selected Step 14. ensure that SecretStore is installed on a server, then continue with Step 18.
inFor more information on SecretStore, see “Installing SecretStore” in the SecretStore 3.4 Administration Guide.
(Conditional) If you selected Step 14, the NMAS Client Login Methods dialog box is displayed.
inSelect
, then click . The pcProx card reader options dialog box is displayed.Select either
or .Click
. The pcProx card reader options dialog box is displayed.Select a port for the proximity reader.
Click
. The Client32 Login Information dialog box is displayed. Specify the Tree, Server, and Sequence information.Click
. The LDAP server dialog box is displayed. Specify the server and alternate server information.Click
. Specify the number of failures that are allowed before reporting a device removal event to Secure Workstation.Click
. The cache option dialog box is displayed.pcProx supports LDAP connections over Secret Socket Layer (SSL) only.
Select the location where you want Novell SecureLogin to store the local cache.
The cache path should include a user identifier in it, such as %AppData% or %username%.
Click
. The installation features dialog box is displayed.Select a location for the configuration file.
If you select
as the location, you must specify the tree or the IP address of the server and specify a value of the config object on the server tree.Click
. The Ready to Install the Program page is displayed.Click
.Click
.You are prompted to restart your system. Select
. .