8.2 SecureLogin Properties and Values

Use the following property values to install SecureLogin.

NOTE: All the commands described in this section display details on the user interface. Use the /quiet option to suppress the user interface, or the /passive option for a minimal display of details. For example:

NetIQSecureLogin.exe /install /quiet X_PRIMARYSTORE=MAD

8.2.1 Installing in eDirectory Environment

Table 8-1 Command Options for Installing in eDirectory Environment

Installation Mode

Command Line Parameters

Description

eDirectory in NDS GINA/Credential Provider mode

NetIQSecureLogin.exe /install X_PRIMARYSTORE=NDS

Use this command to install SecureLogin in Graphical Identification and Authentication (GINA/Credential Provider) mode on eDirectory.

eDirectory in LDAP Credential Provider Mode/GINA Mode

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=SeamlessLDAPGina LDAPSERVERADDRESS=192.168.1.255

Use this command to install SecureLogin in LDAP Credential Provider Mode/GINA mode on eDirectory.

The default port is 636.

To add another port, include the LDAPPORT in the command line.

For example,

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=SeamlessLDAPGina LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=359

eDirectory in LDAP Credential Manager Mode

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=SeamlessLDAPCred LDAPSERVERADDRESS=192.168.1.255

Use this command to install SecureLogin in Credential Manager mode on eDirectory.

The default port is 636.

To add another port, include the LDAPPORT in the command line.

For example,

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=SeamlessLDAPCred LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=389

eDirectory in LDAP Application Mode

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=LDAPApp LDAPSERVERADDRESS=192.168.1.255

Use this command to install SecureLogin in LDAP Application Mode on eDirectory.

The default port is 636.

To add another port, include the LDAPPORT in the command line.

For example,

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=LDAPApp LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=389

8.2.2 Installing in LDAP v3 (non-eDirectory) Environment

Table 8-2 Command Options for Installing in LDAP v3 (non-eDirectory) Environment

Installation Mode

Command Line Parameters

Description

LDAP Credential Provider mode/GINA mode

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=SeamlessLDAPGina X_NONEDIRLDAP=1 LDAPSERVERADDRESS=192.168.1.255

Use this command to install SecureLogin in LDAP Credential Provider mode/GINA mode on any LDAP-compliant directories (non-eDirectory).

The default port is 636.

To add another port, include the LDAPPORT in the command line.

For example,

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP APPENDLOCAL=SeamlessLDAPGina X_NONEDIRLDAP=1 LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=389

LDAP Credential Manager Mode

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP X_NONEDIRLDAP=1 APPENDLOCAL=SeamlessLDAPCred LDAPSERVERADDRESS=192.168.1.255 

Use this command to install SecureLogin in Credential Manager mode on any LDAP-compliant directories (non-eDirectory).

The default port is 636.

To add another port, include the LDAPPORT in the command line.

For example,

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP X_NONEDIRLDAP=1 APPENDLOCAL=SeamlessLDAPCred LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=389

LDAP Application Mode

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP X_NONEDIRLDAP=1 APPENDLOCAL=LDAPApp LDAPSERVERADDRESS=192.168.1.255 

Use this command to install SecureLogin in LDAP Application Mode on any LDAP-compliant directories (non-eDirectory).

The default port is 636.

To add another port, include the LDAPPORT in the command line.

For example,

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP X_NONEDIRLDAP=1 APPENDLOCAL=LDAPApp LDAPSERVERADDRESS=192.168.1.255 LDAPPORT=389

8.2.3 Installing in Microsoft Active Directory Environment

Table 8-3 Command Options for Installing in Active Directory Environment

Installation Mode

Command Line Parameters

Description

Complete install

NetIQSecureLogin.exe /install X_PRIMARYSTORE=MAD

Use this command to install SecureLogin on Microsoft Active Directory, without prompting users for any selection.

With group policies enabled

NetIQSecureLogin.exe /install X_PRIMARYSTORE=MAD APPENDLOCAL=GPO

Use this command to install SecureLogin on Microsoft Active Directory with support for group policy.

8.2.4 Installing in Active Directory Application Mode Environment

Table 8-4 Command Options for Installing in Active Directory Application Mode Environment

Installation Mode

Command Line Parameters

Description

Complete install

NetIQSecureLogin.exe /install X_PRIMARYSTORE=ADAM

Use this command to install SecureLogin on Microsoft Active Directory Application Mode, without prompting users for any selection.

With group policies enabled

NetIQSecureLogin.exe /install X_PRIMARYSTORE=ADAM APPENDLOCAL=GPO

Use this command to install SecureLogin on Microsoft Active Directory Application Mode with support for group policy.

8.2.5 Installing in Standalone Environment

Table 8-5 Command Options for Installing in Standalone Mode

Installation Mode

Command Line Parameter

Description

Complete install

NetIQSecureLogin.exe /install X_PRIMARYSTORE=DUMMY

Use this command to install SecureLogin in a standalone mode, without any user interface.

8.2.6 Command for Installing the Features

When installing SecureLogin, the GPO and RunAtStartup features are installed by default. You can choose to install various features such as support for smart card and support for Citrix.

Use the following table as reference to specify these features when installing SecureLogin.

Table 8-6 Commands for Installing Features

Command Line Parameters

Value

Description

Example

SMARTCARD

Installs smart card support.

APPENDLOCAL=SmartCard

Smart card support is installed only if ActivIdentity ActivClient is detected on the machine.

Set the cryptographic service provider and smart card DLL file by defining the X_CSP and X_SMARTCARDLIB properties.

X_CSP="ActivCard Gold Cryptographic Service Provider"
X_SMARTCARDLIB="C:\Windows\System32\ACPKCS211.dll"

CITRIX Server Seamless Logon

Installs Citrix support.

APPENDLOCAL=CitrixSeamless

Citrix Password Agent

Installs Citrix support.

APPENDLOCAL=CitrixAgent

LDAPPORT

port address

Specifies the LDAP port address.

LDAPPORT=389

SecureWorkstation

Installs SecureWorkstation.

APPENDLOCAL=SecureWorkstation

Admin Tools

Specifies installing the directory administration tools.

APPENDLOCAL=Admin

SMARTCARDLIB

Specifies the PKCS#11 encryption library to use.

The value is supplied as the name of the desired DLL file.

X_SMARTCARDLIB="C:\Resources\acpkcs201rc.dll"

CSP

Specifies a cryptographic service provider.

It is typically a string constant from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider.

X_CSP="ActivCard Gold Cryptographic Service Provider"

AAF

Installs the files that are required for configuring Advanced Authentication.

APPENDLOCAL=AAF
X_AAFSERVERNAME=XXX.XXX.X.X
X_AAFSERVERPORT=443
X_AAFEVENTNAME="WINDOWS LOGON"

HINT: APPENDLOCAL can be used to install any specific feature by its feature name. To enable multiple features, specify the feature names separated by commas.

For example, to install DAS and SecureWorkstation, use APPENDLOCAL in the following manner:

APPENDLOCAL=DAS,SecureWorkstation

8.2.7 Examples

This section lists some examples that you can use in your environment.

Selecting Mode and Feature

The following example installs SecureLogin with this setup:

  • Microsoft Active Directory mode

  • Support for Group Policy

  • SecureLogin is not launched at the completion of the installation

NetIQSecureLogin.exe /install X_PRIMARYSTORE=MAD APPENDLOCAL=GPO

Installing with User Interface Option

The following example installs SecureLogin with this setup:

  • eDirectory mode.

  • SecureLogin is not launched at the completion of the installation

  • User is prompted to restart after the installation is complete.

NetIQSecureLogin.exe /install X_PRIMARYSTORE=NDS APPENDLOCAL=INSTALLADMIN

8.2.8 Silent Install

A silent install provides InstallShield Wizard with instructions for installing SecureLogin. To use a silent install, you must use a response file.

A response file is a text file (responsefile.ini) containing sections and keys. The response file is created during installation in <WindowsVolume>\NSLFiles\responsefile.ini. It captures your responses to the dialogs that you encounter during the installation, and it is later used as the input for a silent installation. It is recommended that you do not modify the responsefile.ini.

IMPORTANT: During a silent install, the PATHTOISS property must contain the absolute path to responsefile.ini. If the path is relative or the file path is invalid, the SecureLogin installation is aborted.

For instance,

  • An administrator runs the graphical installer on a single machine. During the install, the administrator selects the configuration he or she wants to roll out to the machines of the target users.

  • At the end of the installation, a response file is created in <WindowsVolume>\NSLFiles. It contains the command line properties required to replicate the graphical installation the administrator has done.

  • The administrator can take this response file and copy it to the target machines or to a mapped network drive for use with target machine installs.

8.2.9 Installing NSL Using response.ini File

To install NSL on all the target machines with the response.ini file, execute the following command:

NetIQSecureLogin.exe /install X_PRIMARYSTORE=LDAP PATHTOISS="c:\temp\response.ini" /quiet /log /log.txt

Substitute the value of X_PRIMARYSTORE with one of the following values:

  • MAD - Microsoft Active Directory

  • ADAM - Active Directory Application Mode

  • NDS - NetIQ eDirectory with Novell Client

  • LDAP - NetIQ eDirectory with LDAP

The LDAP modes (GINA/Credential Provider, Credential Manager, and Application mode) have prerequisites such as NICI and NMAS. When you install NSL using response.ini in any of these modes, it is therefore important to pass the value for the datastore along with response.ini.

For example:

NetIQSecureLogin.exe X_PRIMARYSTORE=LDAP PATHTOISS="C\Users....\response.ini" /quiet

Installation fails if you do not specify X_PRIMARYSTORE, because the prerequisites are not met. If prerequisites such as NICI and NMAS are already present on the workstation, do not specify the X_PRIMARYSTORE value on the command line.

You can create a new response file or edit one from a previous installation. During the installation, the responsefile.ini is created in the <WindowsVolume>\NSLFiles folder.

IMPORTANT: Non-English users must first run MSI with transform file and then run the update sequentially.
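The silent install aborts when PATHTOISS is relative or invalid, so a deployment script can check this before the installer starts. The following PowerShell sketch is an added example, not part of the product documentation: the function name, parameter names and the temporary demo file are assumptions, while the installer properties and the X_PRIMARYSTORE values come from this page.

```powershell
# Added example; Get-NslSilentInstallArgs and its parameter names are hypothetical.
function Get-NslSilentInstallArgs {
    [CmdletBinding()]
    param(
        # Datastore values listed in section 8.2.9.
        [Parameter(Mandatory)]
        [ValidateSet('MAD', 'ADAM', 'NDS', 'LDAP')]
        [string]$PrimaryStore,

        [Parameter(Mandatory)]
        [string]$ResponseFile
    )

    # PATHTOISS must be absolute: accept drive-letter paths (including mapped
    # drives) and UNC paths, reject anything relative.
    if ($ResponseFile -notmatch '^(?:[A-Za-z]:\\|\\\\[^\\]+\\[^\\]+\\)') {
        throw "PATHTOISS must be an absolute path: '$ResponseFile'"
    }
    # An invalid path also aborts the install, so confirm the file exists.
    if (-not (Test-Path -LiteralPath $ResponseFile -PathType Leaf)) {
        throw "Response file not found: '$ResponseFile'"
    }

    # ValidateSet is case-insensitive, so normalize the value before use.
    $store = $PrimaryStore.ToUpperInvariant()
    # Quote the path so directories containing spaces stay one argument.
    @('/install', "X_PRIMARYSTORE=$store", "PATHTOISS=`"$ResponseFile`"", '/quiet')
}

# Constructed demo: a temporary file stands in for a real responsefile.ini.
$demo = Join-Path $env:TEMP 'responsefile.ini'
Set-Content -LiteralPath $demo -Value 'X_PRIMARYSTORE=LDAP'

$installArgs = Get-NslSilentInstallArgs -PrimaryStore LDAP -ResponseFile $demo
"NetIQSecureLogin.exe $($installArgs -join ' ')"

# A relative path is rejected before the installer is ever started.
try { Get-NslSilentInstallArgs -PrimaryStore LDAP -ResponseFile '.\responsefile.ini' }
catch { "Rejected: $($_.Exception.Message)" }

Remove-Item -LiteralPath $demo
```

For a real rollout, pass the returned array to Start-Process with -ArgumentList, -Wait and -PassThru, and check the ExitCode of the returned process object.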

8.2.10 Example of a Response File

The following is an example of a response file.

INSTALLDIR=C:\Program Files\NetIQ\SecureLogin\
X_CACHEDIR=%LOCALAPPDATA%
X_PRIMARYSTORE=LDAPSecretStore
X_NONEDIRLDAP=No
ADDLOCAL=Help,SecretStore,SeamlessLDAPGina,LDAPApp,WinSSO,JavaSSO,TermSSO,IESSO,FireFoxSSO,DotNetSSO,FlashSSO,DAS,RunAtStartup,Desktop,CredStore,FileExtension,DirectorySignon,SSOAut,ReadMe,PrimaryStore
LDAPSERVERADDRESS=192.168.1.25
LDAPPORT=636
LDAPSERVERADDRESS=192.168.1.26
LDAPPORT=636
LDAPSERVERADDRESS1=192.168.1.25
LDAPPORT1=636
LDAPSERVERADDRESS2=
LDAPPORT2=
X_SMARTCARDLIB=
X_CSP=
X_STOREONCARD=
EA_FAILRETRIES=3
EA_LOCKTIMEOUT=30
EA_SSPRURL=
EA_REQTIMEOUT=300
LOCATIONFORXML=
DASSERVER=
DASCONFIGOBJECT=
READERPORT=-1
CARDREADER=
AIRID=0
RETRIES=0
TREE=
SERVER=
SEQUENCE=
LDAPSERVER=
ALTERNATE1=
ALTERNATE2=
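Because one response file is copied to every target machine, it is worth reviewing which directory server and port it carries before rollout. The added PowerShell example below (not part of the product documentation; Get-NslResponseSettings is a hypothetical helper and the sample text is constructed) lists the directory keys, flags keys that appear more than once, as LDAPSERVERADDRESS and LDAPPORT do in the sample above, and flags LDAP ports other than the 636 default stated on this page. How the installer resolves repeated keys is not stated on this page.

```powershell
# Added example; Get-NslResponseSettings is a hypothetical helper.
function Get-NslResponseSettings {
    param([Parameter(Mandatory)][string]$Text)

    # Collect every value seen for each key, in file order.
    $seen = @{}
    foreach ($line in ($Text -split '\r?\n')) {
        # Split on the first '=' only, so a value may itself contain '='.
        if ($line -match '^\s*([^=\s]+)\s*=(.*)$') {
            $key = $Matches[1]
            $value = $Matches[2].Trim()
            if ($seen.ContainsKey($key)) { $seen[$key] += $value }
            else { $seen[$key] = @($value) }
        }
    }

    # Report only the keys that decide which directory the client binds to.
    $pattern = '^(X_PRIMARYSTORE|X_NONEDIRLDAP|LDAPSERVERADDRESS\d*|LDAPPORT\d*)$'
    foreach ($key in ($seen.Keys | Where-Object { $_ -match $pattern } | Sort-Object)) {
        $values = $seen[$key]
        # Empty values are ignored; anything other than 636 is reported.
        $oddPorts = @($values | Where-Object { $_ -and ($_ -ne '636') })
        [pscustomobject]@{
            Key            = $key
            Values         = $values -join ', '
            Duplicate      = $values.Count -gt 1
            NonDefaultPort = ($key -like 'LDAPPORT*') -and ($oddPorts.Count -gt 0)
        }
    }
}

# Constructed sample; key names are the ones shown in the response file above.
$sample = @'
X_PRIMARYSTORE=LDAP
LDAPSERVERADDRESS=192.168.1.25
LDAPPORT=636
LDAPSERVERADDRESS=192.168.1.26
LDAPPORT=389
LDAPSERVERADDRESS2=
'@

Get-NslResponseSettings -Text $sample | Format-Table -AutoSize
```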