Use the following property values to install SecureLogin.
NOTE:All the commands described in this section display details on the user interface. Use option /quiet to stop displaying details on the user interface displays and option /passive for minimal display of details on the user interface. For example : NetIQSecureLogin.exe /install /quiet X_PRIMARYSTORE=MAD.
Table 8-1 Command Options for Installing in eDirectory Environment
Installation Mode |
Command Line Parameters |
Description |
---|---|---|
eDirectory in NDS GINA/Credential Provider mode |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=NDS |
Use this command to install SecureLogin in Graphical Identification and Authentication (GINA/Credential Provider) mode on eDirectory. |
eDirectory in LDAP Credential Provider Mode/GINA Mode |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=SeamlessLDAPGina LDAPSERVERADDRESS=192.168.1.255 |
Use this command to install SecureLogin in LDAP Credential Provider Mode/GINA mode on eDirectory. The default port is 636. To add another port, include the LDAPPORT in the command line. For example,NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=SeamlessLDAPGina LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=359 |
eDirectory in LDAP Credential Manager Mode |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=SeamlessLDAPCred LDAPSERVERADDRESS=192.168.1.255 |
Use this command to install SecureLogin in Credential Manager mode on eDirectory. The default port is 636. To add another port, include the LDAPPORT in the command line. For example, NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPEND_LOCAL=SeamlessLDAPCred LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=389 |
eDirectory in LDAP Application Mode |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=LDAPApp LDAPSERVERADDRESS=192.168.1.255 |
Use this command to install SecureLogin in LDAP Application Mode on eDirectory. The default port is 636. To add another port, include the LDAPPORT in the command line. For example, NetIQSecureLogin.exe install X_PRIMARYSTORE=LDAP APPENDLOCAL=LDAPApp LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=389 |
Table 8-2 Command Options for Installing in LDAP v3 (non-eDirectory) Environment
Installation Mode |
Command Line Parameters |
Description |
---|---|---|
LDAP Credential Provider mode/GINA mode |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=SeamlessLDAPGina X_NONEDIRLDAP=1 LDAPSERVERADDRESS=192.168.1.255 |
Use this command to install SecureLogin in LDAP Credential Provider mode/GINA mode on any LDAP-compliant directories (non-eDirectory). The default port is 636. To add another port, include the LDAPPORT in the command line. For example, NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=SeamlessLDAPGina X_NONEDIRLDAP=1 LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=389 |
LDAP Credential Manager Mode |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP X_NONEDIRLDAP=1 APPENDLOCAL=SeamlessLDAPCred LDAPSERVERADDRESS=192.168.1.255 |
Use this command to install SecureLogin in Credential Manager mode on any LDAP-compliant directories (non-eDirectory). The default port is 636. To add another port, include the LDAPPORT in the command line. For example, NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP X_NONEDIRLDAP=1 APPENDLOCAL=SeamlessLDAPCred LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=389 |
LDAP Application Mode |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP X_NONEDIRLDAP=1 APPENDLOCAL=LDAPApp LDAPSERVERADDRESS=192.168.1.255 |
Use this command to install SecureLogin in LDAP Application Mode on any LDAP-compliant directories (non-eDirectory). The default port is 636. To add another port, include the LDAPPORT in the command line. For example, NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP X_NONEDIRLDAP=1 APPENDLOCAL=LDAPApp LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=389 |
Table 8-3 Command Options for Installing in Active Directory Environment
Installation Mode |
Command Line Parameters |
Description |
---|---|---|
Complete install |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=MAD |
Use this command to install SecureLogin on Microsoft Active Directory, without prompting users for any selection. |
With group policies enabled |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=MAD APPENDLOCAL=GPO |
Use this command to install SecureLogin on Microsoft Active Directory with support for group policy. |
Table 8-4 Command Options for Installing in Active Directory Application Mode Environment
Installation Mode |
Command Line Parameters |
Description |
---|---|---|
Complete install |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=ADAM |
Use this command to install SecureLogin on Microsoft Active Directory Application Mode, without prompting users for any selection. |
With group policies enabled |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=ADAM APPENDLOCAL=GPO |
Use this command to install SecureLogin on Microsoft Active Directory Application Mode with support for group policy. |
Table 8-5 Command Options for Installing in Standalone Mode
Installation Mode |
Command Line Parameter |
Description |
---|---|---|
Complete install |
NetIQSecureLogin.exe /install X_PRIMARYSTORE=DUMMY |
Use this command to install SecureLogin in a standalone mode, without any user interface. |
When installing SecureLogin, the GPO and RunAtStartup features are installed by default. You can choose to install various features such as support for smart card and support for Citrix.
Use the following table as reference to specify these features when installing SecureLogin.
Table 8-6 Commands for Installing Features
Command Line Parameters |
Value |
Description |
Example |
---|---|---|---|
SMARTCARD |
Installs smartcard support. |
APPENDLOCAL=SmartCard Smart card support is installed only if ActivIdentity ActivClient is detected on the machine. Set the cryptographic service provider and smart card DLL file by defining the X_CSP and X_SMARTCARDLIB properties. X_CSP="ActivCard Gold Cryptographic Service Provider" X_SMARTCARDLIB="C:\Windows\System32\ACPKCS211.dll" |
|
CITRIX Server Seamless Logon |
Installs Citrix support. |
APPENDLOCAL=CitrixSeamless |
|
Citrix Password Agent |
|
Installs Citrix support. |
APPENDLOCAL=CitrixAgent |
|
|
|
|
LDAPPORT |
port address |
Specifies the LDAP port address. |
LDAPPORT=389 |
SecureWorkstation |
|
Installs SecureWorkstation. |
APPENDLOCAL=SecureWorkstation |
Admin Tools |
Specifies installing the directory administration tools. |
APPENDLOCAL=Admin |
|
SMARTCARDLIB |
|
Specifies the PKCS#11 encryption library to use. The value is supplied as the name of the desired DLL file. |
X_SMARTCARDLIB="C:\Resources\acpkcs201rc.dll" |
CSP |
|
Specifies a cryptographic service provider. It is typically a string constant from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\ Defaults\Provider. |
X_CSP="ActivCard Gold Cryptographic Service Provider" |
AAF |
|
Installs the files that are required for configuring Advanced Authentication. |
APPENDLOCAL = AAF X_AAFSERVERNAME=XXX.XXX.X.X X_AAFSERVERPORT=443 X_AAFEVENTNAME="WINDOWS LOGON” |
HINT:APPENDLOCAL can be used to install any specific feature using the feature name. For enabling multiple features, specify the feature names separated by a comma.
For example: To install DAS, and SecureWorkstation, use APPENDLOCAL in the following manner:APPENDLOCAL=DAS, SecureWorkstation
This section lists some examples that you can use in your environment.
The following example installs SecureLogin in the following setup.
Microsoft Active Directory mode
Support for Group Policy
SecureLogin is not launched at the completion of the installation
NetIQSecureLogin.exe /install X_PRIMARYSTORE=MAD APPENDLOCAL=GPO
The following example installs SecureLogin in the following setup.
eDirectory mode.
SecureLogin is not launched at the completion of the installation
User is prompted to restart after the installation is complete.
NetIQSecureLogin.exe /install X_PRIMARYSTORE=NDS APPENDLOCAL=INSTALLADMIN
A silent install provides InstallShield Wizard with instructions for installing SecureLogin. To use a silent install, you must use a response file.
A response file is a text file (responsefile.ini) containing sections and keys. The response file is created during installation in <WidowsVolume>\NSLFiles\responsefile.ini. It captures your responses to the dialogs that you encounter during the installation. This is later used as an input for silent installation. It is recommended that you do not modify the responsefile.ini.
IMPORTANT:During silent install, the PATHTOISS property must contain the absolute path to responsefile.ini. If it is a relative path or if the file path is invalid, then SecureLogin installation is aborted.
For instance,
An administrator runs the graphical installer on a single machine. During the install, the administrator selects the configuration he or she wants to roll out to the machines of the target users.
At the end of the installation a response file is created and available located in <windows Volume>\NSLFiles. It contains the command line properties required to replicate the graphical installation the administrator has done.
The administrator can take this response file and copy it to the target machines or to a mapped network drive for use with target machine installs.
To install NSL on all the target machines with the response.ini file, execute the following command:
NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP PATHTOISS="c:\temp\response.ini" /quiet /log /log.txt
Substitute value of X_PRIMARYSTORE with one of the following values:
MAD -Microsoft Active Directory
ADAM - Active Directory Application Mode
NDS - NetIQ eDirectory with Novell Client
LDAP - NetIQ eDirectory with LDAP
If you try to install NSL using response.ini in any of LDAP modes (like Gina/CP, CM and App mode), then these modes have certain prerequisites like NICI, NMAS etc. So it is important to pass value for Data store along with response.ini.
For example :
NetIQSecureLogin.exe X_PRIMARYSTORE=LDAP PATHTOISS="C\Users....\response.ini" /quietInstallation fails if we do not specify the X_PRIMARYSTORE, as prerequisites are not met. If prerequisites like NICI and NMAS is already present in the workstation, then do not specify X_PRIMARYSTORE value in command line
You can create a new response file or edit one from a previous installation. During the installation, the responsefile.ini is created in the <WindowsVolume>\NSLFiles folder.
IMPORTANT:Non-English users must first run MSI with transform file and then run the update sequentially.
The following is an example of a response file.
INSTALLDIR=C:\Program Files\NetIQ\SecureLogin\X_CACHEDIR=%LOCALAPPDATA%X_PRIMARYSTORE=LDAPSecretStoreX_NONEDIRLDAP=NoADDLOCAL=Help,SecretStore,SeamlessLDAPGina,LDAPApp,WinSSO,JavaSSO,TermSSO,IESSO,FireFoxSSO,DotNetSSO,FlashSSO,DAS,RunAtStartup,Desktop,CredStore,FileExtension,DirectorySignon,SSOAut,ReadMe,PrimaryStoreLDAPSERVERADDRESS=192.168.1.25LDAPPORT=636LDAPSERVERADDRESS=192.168.1.26LDAPPORT=636LDAPSERVERADDRESS1=192.168.1.25LDAPPORT1=636LDAPSERVERADDRESS2=LDAPPORT2=X_SMARTCARDLIB=X_CSP=X_STOREONCARD=EA_FAILRETRIES=3EA_LOCKTIMEOUT=30EA_SSPRURL=EA_REQTIMEOUT=300LOCATIONFORXML=DASSERVER=DASCONFIGOBJECT=READERPORT=-1CARDREADER=AIRID=0RETRIES=0TREE=SERVER=SEQUENCE=LDAPSERVER=ALTERNATE1=ALTERNATE2=