Installation consists of installing NESCM on the eDirectory server and on the client workstations.
1. Log in to NetIQ iManager as an administrator.
2. From the Roles and Tasks view, click NMAS > NMAS Login Methods.
3. Click New.
   The method installation wizard opens.
4. Follow the steps in the method installation wizard:
   1. Browse to and double-click the EnhancedSmartCard_iMan27.zip file that comes with NESCM. It is located on the client disk under the NMAS Methods folder.
      This zip file contains the server components and the iManager components.
   2. Read and accept the license agreement.
   3. Review the method information and modify the values as needed.
      If you do not change the name, the default name (Enhanced Smart Card) is used for the method and login sequence name.
   4. Click Finish.
   5. Review the installation summary page, then click Close.
5. Restart iManager to ensure that the plug-in is enabled.
6. Continue with Section 3.0, Configuring NESCM on the eDirectory Server to use the plug-in to configure the NESCM installation on the server.
You must install NESCM on each workstation that you want to use to log in to eDirectory with a smart card. To install NESCM, use the NESCM setup program.
You can also install and configure NESCM silently. For more information about silent installation, see Section B.0, Silently Installing and Configuring NESCM on Workstations.
1. Log in to a workstation as an administrator.
2. Run the following program from the ...\enhancedsmartcard\client directory:
   - On a 32-bit Windows 7/Windows 8 workstation: Setup.exe
   - On a 64-bit Windows 7/Windows 8/Windows Server 2008 R2/Windows Server 2012: Setup_64.exe

   This opens the NESCM setup program. Follow the steps in this setup program to install and configure NESCM. For information about specific steps in the setup program for all client platforms, see Table 2-2.
   For more information about the options, see Section A.0, Client Configuration Options.
3. Repeat Step 1 and Step 2 for every workstation where you want to install the method.
Table 2-2 Setup Program Options for all Client Platforms
| Window | Options |
|---|---|
| Smart Card Interface | The method can communicate with the smart card by using a Windows Cryptographic Service Provider (CSP) or PKCS#11 library. The recommended communication method is CSP with PC/SC Interfaces. Use PKCS#11 interfaces only if you know your smart card vendor does not provide a CSP.<br>For more information about the smart card interface, see Section A.1, Smart Card Interface. |
| Smart Card PIN | The smart card PIN is always validated during login unless this option is turned off (not selected). If this option is off, the PIN is not validated during login. It might be desirable to turn off PIN validation if another application has established a smart card session and previously validated the PIN. This prevents users from having to re-enter the PIN.<br>Require Smart Card PIN Validation: Select this option to validate the PIN during login.<br>For more information about smart card PIN validation, see Section A.2, Smart Card PIN Validation. |
| Password Field Descriptor | The Novell Client login dialog box labels the Password field with the word Password. When using NESCM, enter the smart card PIN in the Password field. This option allows you to change the label to a more intuitive description, such as PIN.<br>Use Custom Descriptor: Select this option and enter a new label to change the descriptor.<br>This option is only available if the Novell Client is installed. For more information about the Password Field Descriptor, see Section A.3, Password Field Descriptor. |
| Workstation Only Login | Normally, workstation only logins are password-based. The following options allow the smart card to be used during a Workstation Only Login:<br>This option is only available if the Novell Client is installed. For more information about Workstation Only Login, see Section A.4, Workstation Only Login (Disconnected Support Login). |
| User Account Lookup - Identity Plugin Support | The method can use eDirectory to look up the username that is associated with the smart card. The method uses the certificate information on the smart card and performs an LDAP search to locate the user account.<br>This option is only available if the Novell Client is installed. For more information about User Account Lookup, see Section A.5, User Account Lookup (Identity Plug-In Functionality). |
| (Conditional: LDAP Search Options - Page 1) Identity Plugin Configuration | The following options specify how the LDAP search functionality of the Identity plug-in functions: |
| (Conditional: LDAP Search Options - Page 2) Identity Plugin Configuration | The following options specify how the LDAP search functionality of the Identity Plug-in functions: |
| (Conditional: Progress Message and Login Options) Identity Plugin Configuration | Use the following options to configure progress messages and login options for the Identity Plug-in: |
| (Conditional: Novell Client Login Dialog Options) Identity Plugin Configuration | Select the following options to hide user interface controls in the Novell Client login dialog box: |