How to configure "Computer Only Logon If Not Connected" functionality
This document (7009517) is provided subject to the disclaimer at the end of this document.
Novell Client 2 SP2 for Windows 7
Novell Client 2 SP2 for Windows 2008
Novell Client 2 SP2 for Windows 2008 R2
1. Log on to the Windows machine with administrative privileges.
2. Edit the registry and navigate to the existing
3. Create a subkey named Computer Only Logon If Not Connected, such that a key path of \HKEY_LOCAL_MACHINE\Software\Novell\Login\Computer Only Logon If Not Connected\ now exists.
4. Under the Computer Only Logon If Not Connected key, create the following entries:
- A DWORD (32-bit) value named Enable. If the value of this entry is set to 1, the Computer Only Logon If Not Connected feature is enabled. If this value does not exist or is set to 0 (zero), the feature is disabled.
- Optionally, create a Multi-String (not String) value named Network Category List. This Multi-String can be set to one or more of the following values, which correspond to the names Windows uses to describe network categories: Home, Work and Public.
- Optionally, create a Multi-String named Network Name List. This Multi-String can contain a list of one or more names that have been assigned to networks identified by Windows. For example, Network 1, Network 2, My-Residence, My-Office and so on.
- Optionally, create a DWORD(32 bit) value named Use Lists for Novell Logon. If the value of this entry is set to 1, the Network Catrgory List and Network Name List values will be interpreted as criteria for networks which CAN access Novell eDirectory servers, and when networks matching these criteria are present the Novell Client should attempt a normal Novell Logon. If the Use Lists for Novell Logon value does not exist or is set to 0 (zero), the Network Category List and Network Name List values will be interpreted as criteria for networks which CAN NOT access Novell eDirectory servers, and if all connected networks match this criteria the Novell Client should skip the eDirectory login attempt and proceed immediately with a Computer Only Logon instead. Continue reading the description below of the Network Category List and Network Name List values for additional explanation.
The Computer Only Logon If Not Connected feature takes effect when the Enable value is set to 1, even without the Network Category List or Network Name List values being defined. When the Computer Only Logon If Not Connected feature is enabled, at minimum the Novell Client will automatically perform a Computer Only Logon instead of a Novell Logon if Windows reports there are not any active network interfaces when the logon attempt is initiated.
If the Network Category List is defined, the Novell Client will query Windows to determine what category each identified network belongs to. (Work, Home, or Public.) The Network Category List names which Windows network categories the Computer Only Logon If Not Connected feature should assume CAN NOT access Novell eDirectory servers.
Note this means if any one of the currently active networks detected by Windows is assigned to a category which does NOT appear in the configured Network Category List, the Computer Only Logon If Not Connected functionality will
not engage. For example, assume the Network Category List has been configured with Home and Public. During the next logon attempt, Windows reports there are two Public networks detected and one Work network detected. In this case the Novell Client will perform a normal Novell logon, because there one network present (the Work network) which isn't in the Network Category List.
If the Network Name List is defined, the Novell Client first performs the Network Category List processing described above if the Network Category List is defined. After matching the active network categories against the Network Category List, if there is still one or more active Windows networks which hasn't been excluded based on category, the Novell Client will match those network names against the Network Name List. The Network Name List names individual Windows network names the Computer Only Logon If Not Connected feature should assume CAN NOT access Novell eDirectory servers, regardless of what Windows network category the named networks belong to.
For example, assume the Network Category List has been configured with Home and Public, and the Network Name List has been configured with RemoteOffice. During the next logon attempt, Windows reports a Public
network and also a Work network named RemoteOffice. Even though based on the Network Category List alone a Novell Logon would have been attempted due to presence of the Work category network, because the Work network is named RemoteOffice and this network name appears in the Network Name List, the Novell Client will actually consider that none of the active networks detected by Windows qualify for attempting a Novell Logon. A Computer Only Logon will be initiated instead.
To use the Computer Only Logon If Not Connected feature:
1. Logout of Windows, or reboot the machine.
2. Select the Novell Logon link on the Windows logon page, if the Novell Client login is not already in Novell Logon mode. If Computer Only Logon mode is explicitly selected, the Computer Only Logon If Not Connected feature
does not need to engage.
Note by default, the Novell Client remembers whether Novell Logon or Computer Only Logon was last used, and will default to that mode during the next logon. If you want the Novell Client to always come up in Novell Logon mode and then just let the Computer Only Logon If Not Connected automatically decide whether a Novell Logon attempt is actually appropriate, change the Computer Only Logon Default setting from Automatic to Never in the Advanced Login tab of the Novell Client Properties.
3. Now attempt to logon in Novell Logon mode. Once you enter your password and press the submit button, the Novell Client will begin the Computer Only Logon If Not Connected process of querying Windows for connected network names and categories, and matching those names and categories again any configured Network Category List and Network Name List values.
4. If the Novell Client determines there are one or more active Windows networks present over which a Novell Logon attempt will be appropriate, the Novell Client will simply proceed with normal Novell Logon processing of attempting to login to both eDirectory and the Windows account.
5. If the Novell Client determines that all of the active Windows networks match either the configured Network Category List or Network Name List, or if Windows reports there simply are not any active Windows networks, even though the Novell Client was in Novell Logon mode when the logon attempt was initiated, the eDirectory login will be transparently skipped, and only the Windows account logon attempt will be made.
6. Note in cases where the Windows account password is not the same as the eDirectory account password – for example, because the Windows account password was normally supplied from a Novell ZENworks Dynamic Local User (DLU) policy, or the password was expected to be retrieved by NMAS-based Single Sign-On – the Windows-only account logon attempted by Computer Only Logon If Not Connected will not be able to succeed using the eDirectory password.
The Novell Client will still skip the eDirectory logon attempt and will perform just a Computer Only Logon, but the user will have to manually enter their Windows account password. This is only an issue in cases which otherwise would have retrieved their Windows account passed from Novell eDirectory-based sources.
The Workstation Only If Not Connected option in the Novell Client for Windows XP/2003 functioned purely on "Does Windows know of one or more active network interfaces?" to decide whether or not to automatically select the "Workstation Only" login option. While this approach was useful in many cases, scenarios where the workstation was still connected to a network over which the eDirectory servers were not accessible (such as a home broadband network) could prevent the feature from engaging. The fact this feature decided to enable or disable the Workstation Only option before any logon attempt occurred could also be a limitation, if Windows was still in the process of starting up and more Windows network interfaces arrived after Workstation Only if Not Connected had already made its decision.
The Novell Client for Windows "Computer Only Logon If Not Connected" feature, when enabled, improves upon both of these points. Instead of "any Windows network interface", it is now possible to specify specific Windows network categories (e.g. "Work", "Home", "Public") for which a "Computer Only Logon" is preferred. Additionally, specific names assigned to Windows networks (e.g. "Network 1", "Network 2", "My Office", etc.) can be specified for more granular control.
Finally, the Computer Only Logon If Not Connected feature does not make its decision about whether to proceed with a Novell Logon or automatically switch to Computer Only Logon until the user actually initiates a logon attempt. Thereby permitting the maximum time possible for additional network interfaces to arrive or be detected before the feature makes its decision.
The Computer Only Logon If Not Connected feature, when enabled, also maintains the basic "if no Windows network interfaces are available, perform a Computer Only Logon instead of Novell Logon functionality. This functionality can be used even without having to specify any Windows network names or categories.
At the next available opportunity, the Novell Client will add configuration of the Computer Only Logon If Not Connected feature into the Novell Client Properties configuration interface. Until then, this feature can be enabled by directly editing the described registry configuration.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.