Solved

How to get Single Sign-on to work

Posted on 2008-10-20
29
1,164 Views
Last Modified: 2013-11-12
Since I have tried using Novell Client 4.91 SP2 I cannot get the 'single sign-on' feature to work.  I have that box checked in the Novell Client properties tab.  The previous version of the netware client 4.90 that was being used here worked just fine; hence, I knwo it cna be done.
0
Comment
Question by:Pkafkas
  • 16
  • 7
  • 4
  • +1
29 Comments
 
LVL 19

Expert Comment

by:billmercer
Comment Utility
First thing I'd suggest is to update to the latest client, which is 4.91 SP4. It is supposed to fix some Single Sign-On issues.

0
 

Author Comment

by:Pkafkas
Comment Utility
We use Netware version 5.1, I do not knwo if that makes a difference.  The netware client version is:  4.91.2.20051209
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
If you can do a quick experiment: remove the client you're using and re-install with custom and do not use NMAS or NetIdentity (NICI is ok).  NetWare 5.1 and NMAS don't play together very nicely in my past experiences.  If you do the SP4 upgrade, do the same: don't install NMAS and see if you can get the results that you used to.
0
 

Author Comment

by:Pkafkas
Comment Utility
I will try your suggestion.
0
 

Author Comment

by:Pkafkas
Comment Utility
The netware client is sp2.  I will try SP4.
0
 

Author Comment

by:Pkafkas
Comment Utility
i HAVE INSTALLED Novel CLient 4.91 Sp4 and it did not change anything.  I have installed it without NMAS or NEt Identify.

I will now un-install and re-install it with Net Identify and NMAS.
0
 
LVL 19

Expert Comment

by:billmercer
Comment Utility
Did you first remove the existing client before you installed without NMAS?

Make sure you remove any existing client first, so that you're starting clean.
0
 

Author Comment

by:Pkafkas
Comment Utility
Yes, I removed the exisiting Novell Client before I re-installed it.  I was told by another Novell guy that NMAS is ncessary for Single Sign on to work.  He was using Novell Client 5.0 and that worked for him.

Perhaps I will try that.
0
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
To all Experts: (FYI)

Hi all you Novell Stud/Studetts:

There is a wee bit of information that might prove very helpful to you.

I believe this is a Microsoft domain, with Novel storage servers. Both Client services for Netware and MS network services are enabled.

Rob Will and I were troubleshooting it earlier on why network problems were slow and it was because the novell client services was in a higher binding priority than the Client for Microsoft network. So, your client services for netware may be competing with MS network services.

Any advice on how to get the two to work together would be very helpful to Pkafkas:

0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 200 total points
Comment Utility
Oh, yah:

Here is the link of prior troubleshooting for the network slowness side:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23893096.html
0
 

Author Comment

by:Pkafkas
Comment Utility
The above link for Network sloweness was a life saver from Chief IT and Robwill.
0
 

Author Comment

by:Pkafkas
Comment Utility
I will try client 4.91 SP5.

0
 

Author Comment

by:Pkafkas
Comment Utility
I have tried Client 4.91 SP5 and no luch.  I installed it the same way I did hteo other clients.  However this time I had teh option to recognixe edirectory viat eh logon cript, not hte bindary option.  So I chose the edirectory option.  No change.

I think this is a uniqe Netware thing.  Perhaps its is a Windows and Netwoare thing.  I will try the old clinet (4.90) and see what happens.
0
 

Author Comment

by:Pkafkas
Comment Utility
Anyone know where I can find Novell Client Versin 4.90?  I am having difficulty finding it on the web.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 19

Assisted Solution

by:billmercer
billmercer earned 200 total points
Comment Utility
I don't think 4.90 is available for download anymore. If you don't have an old copy of it, you're going to have trouble finding it.

If you'd like to try an older version, you may want to try version 4.83, which is still available from Novell for legacy systems that are not compatible with 4.9 and up.

http://download.novell.com/Download?buildid=yDH4sgHLPno~

You're reporting that this problem happened after installing SP2. Is it happening for all clients? Or is it only happening for certain ones?

0
 

Author Comment

by:Pkafkas
Comment Utility
All clients.
0
 
LVL 19

Expert Comment

by:billmercer
Comment Utility
Looking back over the discussion, I don't see an actual description of the exact problem you're having.

Can you please describe what you're trying to do with single signon, and exactly what you are expecting to happen that does not happen? Please include the text of any error message if there is one.
 
0
 

Author Comment

by:Pkafkas
Comment Utility
Ok, quite simply, when our clients logon to the network, GroupWise pops up at start up.  

1.  GroupWise asks us for a password to access our e-mail.  Here is a check-box named 'single-sign-on'.  

2.  If one checks that box and then enters the GroupWise password in the appropriate field, The GroupWise client is supposed to 'remember the password'.

3,  However, the client does not remember the password and the user must type the password every time they logon.
0
 
LVL 19

Expert Comment

by:billmercer
Comment Utility
In the GroupWise client, go to Tools|Options, double click on security.
Check the box labeled "No password required with eDirectory"

You might have to enter the current groupwise password to activate this box.
0
 

Author Comment

by:Pkafkas
Comment Utility
I do not see what you mentioned.  But I do see something very close to it.  The single-sign-om check box.  If that is what you mean (see attachment) I had already tried that and it did nto work.

Do you mean something else?  I have also tried the netware client properties (The N in red) and went to the single sign on tab.  That did nto work either.
sginon.doc
0
 
LVL 19

Expert Comment

by:billmercer
Comment Utility
Look at the Client Options in ConsoleOne, click on security, and look to see what options are enabled. Try turning on the Use eDirectory option if its not on. This might be a workaround for your problem.



0
 

Author Comment

by:Pkafkas
Comment Utility
Client options where, for the user client properties?

For the GroupWise properties?
0
 

Author Comment

by:Pkafkas
Comment Utility
Can you please describe where I can find those options in Console one?
0
 
LVL 18

Assisted Solution

by:ZENandEmailguy
ZENandEmailguy earned 100 total points
Comment Utility
Can I offer a different suggestion?  How about looking at LDAP authentication to the post office?  Many of my clients have been using this method of authentication for a long time.  It works on all platforms.  You need to confirm via Consoleone Tools menu | GroupWise System Operations | LDAP servers that at least one server appears which has a read/write or master replica of eDirectory partitions where user accounts are located in your tree or if you're using AD, at least one of the AD domain controllers appears (preferrably a global catalog server).

One you've confirmed the above, go to one of your post offices and highlight properties and on the GroupWise tab find Security.  Click the High radio button and then click the LDAP authentication radio button.  There is a user account and password you can, but do NOT need to put in.  You can setup secure LDAP on port 636 assuming you can put a SSL certificate in both the post office directory and the same directory where the POA runs from (on NetWare that would be sys:system).  But before you worry about SSL, get regular LDAP over port 389 to work.  Be sure to confirm that one or more LDAP servers is assigned to this post office by clicking the LDAP servers button.

Now that the above is done, unload/stop then reload/start your POA.  Let it start up and then get into the log file and confirm you see LDAP settings.

Next, login to the network with the Novell client and launch GroupWise.  You should not get a password prompt, assuming your eDirectory login matches your GroupWise ID.

LDAP authentication works better with eDirectory than AD but it will work with AD if that is relevant to you.

I hope this helps.

Scott Kunau
0
 
LVL 19

Assisted Solution

by:billmercer
billmercer earned 200 total points
Comment Utility
To change default client settings in ConsoleOne, locate your groupwise domain, right click on it, and choose GroupWise Utilities|Client Options. This gives you a dialog similar to the individual client's options, but with many additional settings. Changes made here will apply to all clients for your domain. You can also set client options at the POA level if you prefer.

In addition to setting defaults, you can also lock settings, to prevent users from changing them.

Both my suggestion and ZenandEmailguy's LDAP suggestion are possible alternatives to single signon. If you really want single signon to work you will probably need to do more extensive troubleshooting to try to find the cause of the problem. But unless you have some compelling need for sso, I'd just skip it and use one of the alternatives.
0
 

Author Comment

by:Pkafkas
Comment Utility
I will try ZenandEmailguy's suggestion.
0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 200 total points
Comment Utility
Saved credentials will be found in control pannel>>users>>advanced>>Saved credentials, on the local/client machine.

Saved credentials are saved for a variety of reasons..Example: Domain logons, Email services, Experts Exchange passwords. Any time you log onto a site and it asks you if you want to save your credential set, these saved credentials are saved there on the local machine.

These credentials have often been denied being saved locally, (through a GPO by the domain administrators), BECAUSE domain saved credentials could also be saved. What happens when domain credentials are saved is, let's say you change domain passwords and try to re log onto the domain, when these old saved domain credentials on the client machine are used, you can get locked out from the domain and/or can't log onto the domain. So, a GPO to prevent from saved credentials my be preventing you from saving  your Email logon credentials.
0
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
Oops, (not saved credentials), it's in Control pannel>>Users>>advanced>>MANAGED CREDENTIALS
0
 

Author Closing Comment

by:Pkafkas
Comment Utility
The potential problems did not work.  I am closing the call; but, thanks for trying.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

This article is essential to make secure Yahoo Mail connection without facing any issue. It is providing simple steps to configure your Yahoo Mailbox to Hard drive using Microsoft Outlook.
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now