Hi there,

Is this TID applicable with Novell Client 4.91 sp5, SecureLogin 6.1x and ZCM 11 agent?

TID 7005947 explains how to configure the registry to use Novell Client, SecureLogin 6 and ZCM 10 agent for simultaneous login. We saw some issues with similar configuration but using the ZCM 11 agent.

This short TID written for ZCM 10.x says:
For a seamless login to all of these products, the GINA must be set to "NWGINA.DLL".
To do this, ensure that "HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\C urrentVersion\Winlogon,GINADLL" is set to "NWGINA.DLL".

NWGINA can run in two modes: Passive Mode and Non-Passive mode.

1. Passive Mode:

- NWGina creates a GINA chain to MSGINA.
- MSGINA is presented to the user for authentication.
- Windows Authentication happens first.
- Credentials passed to NWGINA to authenticate to NSL and ZENworks.

To Enable Passive Mode, create the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NWGINA,PassiveM ode=dword:00000001

2.Non-Passive Mode:

- Completely replace MSGINA.
- NSL authentication dialog is presented to the user.
- NSL authentication happens first, then ZENworks Authentication, and finally Windows authentication.

"Non-Passive mode" is the default and NSL and ZCM are installed on the same device and will occur anytime "Passive Mode" it is not explicitly enabled via the registry key above.
We are using IDM to sync eDirectory credentials to AD and the PC's are in the domain. We have SecureLogin pointing to eDirectory and ZCM pointing to AD user source. (ahh legacy installations). No one would design a scenario like this but this is where we are.

We want to have the users see the Novell GINA and not the NSL or ZCM authentication boxes, which seems to rule out both options 1 & 2 above.

Any thoughts or someone else with similar experience?