Solved

Login to Active Directory first, then eDirectory, without prompt for 2nd login

Posted on 2007-11-13
9
1,698 Views
Last Modified: 2012-08-14
I would like to login using the Microsoft GINA first, and have the username and password passed to the Novell GINA so that the user doesn't get prompted to log in a second time (provided their passwords are in sync). (My ultimate goal is to get group policy and printers from Active Directory, and login to eDirectory to get access to the Zenworks Application Launcher.)

I have tried setting the GinaDLL to be MSGINA.DLL, and that is insufficient. The "Login without Novell's GINA" setting gets rid of the second login prompt, but doesn't authenticate the user to eDirectory.

What settings are necessary to accomplish this?
0
Comment
Question by:dlcarraw
  • 3
  • 2
  • 2
9 Comments
 
LVL 29

Expert Comment

by:matrixnz
ID: 20275906
Hi dlcarraw

Heres an article on how to install Zenworks for Desktops in a Windows Environment

Installing ZfD 4.x in a Windows-Only Environment
http://www.novell.com/documentation/zdpr/index.html?page=/documentation/lg/zdpr/zdprinst/data/aliq069.html

With Novell you could setup Dynamic Local Users which basically synchronised the Novel System with the Windows Local Account, when using Zenworks separately, you basically don't require edirectory.

Hope that made sense.

Cheers
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 250 total points
ID: 20276537
matrixnz, I don't see how that answers his question.  

You can't use DLU with Windows AD group policy.  The two are immiscible.  If you succeed in having both active, results will always be unpredictable at best.

dlcarraw, you don't need to use the msgina in order to have Windows group policy take effect.  You can get Windows group policy and still have the NWGINA primary.  Pretty-much all you need is to join your computers to the AD domain and make sure no ZEN group-policy packages are active for anyone, by disabling the workstation manager.  That won't disable the application launcher, just the ZEN policy management.  The user can log in to the AD domain seamlessly from the NWGINA and even process AD login scripts.
0
 
LVL 29

Expert Comment

by:matrixnz
ID: 20276786
Hi ShineOn

My last point was just pointing out how Novell worked if you checked the link above, it refers to implimenting Zenworks in an Windows/AD environment, from dlcarraw initial post he's wanting to use Zenworks for Application Deployment very much like SMS etc..  

Also I should clarify, "you basically don't require edirectory." I was referring to Novell edirectory.

Cheers
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 35

Expert Comment

by:ShineOn
ID: 20277046
ZEN needs eDirectory through version 7.  ZENworks Configuration Management 10 can run in an AD-only environment.  
0
 
LVL 1

Author Comment

by:dlcarraw
ID: 20487828
A little more detail.
I want to use Active Directory for all group policy - this will enable me to install software and printers, etc as we migrate away from Novell. I want to simultaneously use the Zenworks Application Launcher because we have hundreds of application objects in eDirectory, so I don't want to have to move all of those to Active Directory at once.

I've had the MSGINA thing work a few times, so I know it's possible, I just don't know how to make it repeatable.
0
 
LVL 1

Author Comment

by:dlcarraw
ID: 21670632
While I appreciate the comments, the solutions offered were for me to use Novell's ZENWorks, rather than accomplish the goal of making MSGINA the primary login with the NW client installed. This was not the question and did not meet my needs.

The latest Novell client has support for using non-NWGINAs. I have had that work, though not with contextless login (another story). So the solution is to use Novell's native support in newer versions of the NW client.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 21671934
I disagree.  My first comment (20276537) gave a complete, clear, clean and simple answer to the question.  

You wanted to log in to both AD and eDirectory, use AD for policies and use ZENworks for app deployment.  The simplest and easiest to accomplish method for that was my comment.

MSGINA is stupid - it only cares about MS stuff.  To authenticate to eDirectory subsequent to MSGINA you need to force a resource to be used that's known to be provided by eDirectory, which will force the login to eDirectory to occur.  It's not "seamless" like it is if you use NWGINA as primary.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now