Installation consists of installing the method on the eDirectory server and on the client workstations.
Log in to iManager as an Administrator.
From the
view, click > .Click
.The method installation wizard is launched.
Follow the steps in the method installation wizard:
Browse to and double-click the EnhancedSmartCard_iMan27.zip file that comes with the method. It is located on the client disk under the NMAS Methods folder.
This zip file contains the server components and the iManager components.
Read and accept the license agreement.
Review the method information and modify the values as needed.
If you don’t change the name, the default name (Enhanced Smart Card) is used for the method and login sequence name.
Click
.Review the installation summary page, then click
.Restart iManager to ensure that the plug‑in is enabled.
Continue with Section 3.0, Configuring the Server to use the plug-in to configure the NESCM installation on the server.
The method must be installed on each workstation. To install the method, use the NESCM setup program.
The method can also be installed and configured silently. For more information on silent installation, see Section B.0, Silently Installing and Configuring the Method on Workstations.
Log in to a workstation as an Administrator.
Run the following program from the ...\enhancedsmartcard\client directory:
Windows Vista (32-bit)/7 (32-bit)/XP/Server 2008 (32-bit): Setup.exe
Windows Vista (64-bit)/7 (64-bit)/Server 2008 (64-bit)/Server 2008 R2 (64-bit): Setup_64.exe
This launches the NESCM setup program. Follow the steps in this setup program to install and configure NESCM. For information concerning specific steps in the setup program for all client platforms (Windows Vista/7/XP/Server 2008), see Table 2-2.
For information concerning specific steps in the setup program for Windows XP client, see Table 2-3.
For extended information on the options, see Section A.0, Client Configuration Options.
Repeat Step 1 and Step 2 for every workstation where you want to install the method.
Table 2-3 explains the configuration options that are available when you use the setup program to install the method on a workstation.
Table 2-2 Setup Program Options for all Client Platforms
Window |
Options |
---|---|
Smart Card Interface |
The method can communicate with the smart card by using a Windows Cryptographic Service Provider (CSP) or PKCS#11 library. The recommended communication method is CSP with PC/SC Interfaces. Use PKCS#11 interfaces only if you know your smart card vendor does not provide a CSP.
For more information on the smart card interface, see Section A.1, Smart Card Interface. |
Smart Card PIN |
The smart card PIN is always validated during login unless this option is turned off (not selected). If this option is off, the PIN is not validated during login. It might be desirable to turn off PIN validation if another application has established a smart card session and previously validated the PIN. This prevents users from having to re-enter the PIN. : Select this option to validate the PIN during login. For more information on smart card PIN validation, see Section A.2, Smart Card PIN Validation. |
Workstation Only Login |
Normally, workstation only logins are password-based. The following options allow the smart card to be used during a workstation only login:
This option is only available if the Novell Client is installed. For more information on Workstation Only Login, see Section A.4, Workstation Only Login (Disconnected Support Login). |
User Account Lookup - Identity Plug-in Support |
The method can use eDirectory to look up the username that is associated with the smart card. The method uses the certificate information on the smart card and performs an LDAP search to locate the user account. This option is only available if the Novell Client is installed. For more information on User Account Lookup, see Section A.5, User Account Lookup (Identity Plug-In Functionality). |
(Conditional: LDAP Search Options - Page 1) Identity Plug-in Configuration |
The following options specify how the LDAP search functionality of the Identity plug-in functions:
|
(Conditional: LDAP Search Options - Page 2) Identity Plug-in Configuration |
The following options specify how the LDAP search functionality of the Identity Plug-in functions:
|
(Conditional: Progress Message and Login Options) Identity Plug-in Configuration |
The following options allow you to configure progress messages and login options for the Identity Plug-in:
|
(Conditional: Novell Client Login Dialog Options) Identity Plug-in Configuration |
Selecting the following options allows you to hide user interface controls in the Novell Client login dialog:
|
Table 2-3 Setup Program Options for Windows XP Client
Window |
Options |
---|---|
Password Field Descriptor |
The Novell Client login dialog box labels the field with the word “Password.” When using NESCM, enter the smart card PIN in the field. This option allows you to change the label to a more intuitive description, like “PIN.”: Select this option and enter a new label to change the descriptor. This option is only available if the Novell Client is installed. For more information on the Password Field Descriptor, see Section A.3, Password Field Descriptor. |