GINA chaining in 2008 R2
Looking to see if anyone has set up GINA chaining in Windows Server 2008 R2 to Novell Client 2 for Windows Vista/2008. I am working on a 64-bit 2008 R2 RDS server (Term Server) and trying to chain the Quest vWorkspace GINA to the Novell Client 2 for Windows Vista/2008 GINA to allow connection to our NetWare file servers until they are migrated over to Windows servers early next year. I am able to manually log in to Novell after logging into the server, but would like it to automatically log in and run Novell scripts. I have the registry key set up that is listed in the Admin guide for vWorkspace 7.1, but it does not chain the logins.
srjohnson
7 Posts
1
October 12th, 2010 14:00
Found that GINA chaining is not supported in WS2008/Vista/7 and the settings in the documentation have no effect on Windows Server 2008. Microsoft is now using Credential Providers to authenticate. Using the 'Novell Client 2 SP1 for Windows(IR4)' allows for the desired behavior when logging into a terminal server via the web interface.
The following settings need to be in the registry to allow for this to work when logging into an RDS through the web interface:
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Authentication\NCCredProvider]
"ShowLastLogon"=dword:00000000
"Enabled"=dword:00000000
"ComputerOnlyLogonDefault"=dword:00000001
"ComputerOnlyLogonAfterFailedNovellLogon"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login]
"AutoAdminQueryNDS"=dword:00000001
"TSClientAutoAdminLogon"="1"
"DefaultLoginProfile"="Default"
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\Profiles\System\Default\Tab2]
"Login Script"=dword:00000001
"Display Results"=dword:00000001
"Close Results"=dword:00000001
Settings on the Advanced Login tab in the Properties will have to be checked and set if needed:
Computer Only Logon=On
Computer Only Logon after failed Novell Logon=Never
Computer Only Logon Default=Always
Last Logged On User=Off
Login With Non-Novell Credential Provider=On
Novell Logon=Off
Also, you need to configure the LDAP Contextless Login tab in Properties if you have multiple OUs that your users are contained within.
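An added example, not part of the original post or of the Novell or Quest documentation: a read-only PowerShell check that the registry values listed in the post above exist on an RDS host with the stated type and data. The function name Test-NovellLogonSetting is hypothetical; the script assumes it is run from 64-bit PowerShell (a 32-bit session would be redirected to Wow6432Node) and sticks to PowerShell 2.0 syntax, the version that ships with Server 2008 R2.

```powershell
# Expected settings, copied from the post above.
# Kind is DWord for dword: entries and String for quoted entries.
$cred  = 'HKLM:\SOFTWARE\Novell\Authentication\NCCredProvider'
$login = 'HKLM:\SOFTWARE\Novell\Login'
$tab2  = 'HKLM:\SOFTWARE\Novell\Login\Profiles\System\Default\Tab2'
$expected = @(
    @{ Path = $cred;  Name = 'ShowLastLogon';                           Kind = 'DWord';  Data = 0 }
    @{ Path = $cred;  Name = 'Enabled';                                 Kind = 'DWord';  Data = 0 }
    @{ Path = $cred;  Name = 'ComputerOnlyLogonDefault';                Kind = 'DWord';  Data = 1 }
    @{ Path = $cred;  Name = 'ComputerOnlyLogonAfterFailedNovellLogon'; Kind = 'DWord';  Data = 2 }
    @{ Path = $login; Name = 'AutoAdminQueryNDS';                       Kind = 'DWord';  Data = 1 }
    @{ Path = $login; Name = 'TSClientAutoAdminLogon';                  Kind = 'String'; Data = '1' }
    @{ Path = $login; Name = 'DefaultLoginProfile';                     Kind = 'String'; Data = 'Default' }
    @{ Path = $tab2;  Name = 'Login Script';                            Kind = 'DWord';  Data = 1 }
    @{ Path = $tab2;  Name = 'Display Results';                         Kind = 'DWord';  Data = 1 }
    @{ Path = $tab2;  Name = 'Close Results';                           Kind = 'DWord';  Data = 1 }
)

# Hypothetical helper: reports one row per expected value and never writes to the registry.
function Test-NovellLogonSetting {
    param([hashtable[]]$Settings)
    foreach ($s in $Settings) {
        $state = 'MissingKey'; $kind = $null; $data = $null
        $key = Get-Item -LiteralPath $s.Path -ErrorAction SilentlyContinue
        if ($key) {
            if ($key.GetValueNames() -contains $s.Name) {
                $kind = $key.GetValueKind($s.Name).ToString()
                $data = $key.GetValue($s.Name)
                # Type is checked first: "1" stored as REG_SZ is not the same as dword 1.
                if ($kind -ne $s.Kind)            { $state = 'WrongType' }
                elseif ("$data" -ne "$($s.Data)") { $state = 'WrongData' }
                else                              { $state = 'OK' }
            } else {
                $state = 'MissingValue'
            }
        }
        New-Object PSObject -Property @{
            State    = $state
            Key      = $s.Path
            Name     = $s.Name
            Expected = "$($s.Kind):$($s.Data)"
            Actual   = "${kind}:$data"
        }
    }
}

Test-NovellLogonSetting -Settings $expected |
    Select-Object State, Name, Expected, Actual, Key |
    Format-Table -AutoSize
```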
dbolton
180 Posts
0
October 7th, 2010 13:00
I've not... but is it just access to file servers you need? If so could you not enable CIFS on the NetWare boxes and use the map drive feature of vWorkspace to map users to?
You need to change some NTLM settings for SSO on though.
Dan.
srjohnson
7 Posts
0
October 7th, 2010 14:00
Unfortunately the Novell NetWare servers are 5.1 and are not set up to support CIFS. I should have put that in the original post.
dbolton
180 Posts
0
October 7th, 2010 15:00
Ah...ok.
In that case I'm not sure... I've never tried the GINA chaining facility myself... We were very keen to move away from the NWclient. We're in the middle of a data migration project ourselves. Using the Quest NDS to AD tool as it happens.
Dan.