Hi,

I have problems getting Smartcard Login to work with the "login with non-novell credential provider" option enabled.

Setup is as follows:

- Terminal Services running on Windows 2008 R2
- User account in eDirectory and Active Directory with same user name & password
- On the server: Novell Client 2 SP1 IR3, Cryptovision Smartcard middleware (CSP), Enhanced Smart Card Method 3.0.7 (NMAS Authentication = ON in Novell Client)
- Client: tested with both Windows XP and Windows 7 clients with same results


Configuration 1:
- Novell Client setting "login with non-novell credential provider" = ON
- Novell Client setting "Novell Logon" = OFF
- Logging in with username & password
- Result: works as expected: authenticated in AD & eDirectory and Novell scripts are executed

Configuration 2:
- Novell Client setting "login with non-novell credential provider" = doesn't matter
- Novell Client setting "Novell Logon" = ON
- Logging in with username & password
- Result: works as expected: authenticated in AD & eDirectory and Novell scripts are executed

Configuration 3:
- Novell Client setting "login with non-novell credential provider" = doesn't matter
- Novell Client setting "Novell Logon" = ON
- Logging in with Smartcard
- Result: authenticated in eDirectory, Novell scripts executed BUT asks for password for Active Directory login (Novell client passes the typed-in Smart Card PIN to the Active Directory Domain Controllers as password...)

Configuration 4:
- Novell Client setting "login with non-novell credential provider" = ON
- Novell Client setting "Novell Logon" = OFF
- Logging in with Smartcard
- Result: authenticated in Active Directory. Not authenticated in eDirectory and Novell scripts don't run. Doesn't even ask for eDirectory credentials (password or PIN)

In all cases, the "TSClientAutoAdminLogon" policy doesn't change a thing on the behaviour/result.

In configuration 4, with NMAS tracing enabled, nothing is logged in the trace file at all. So it looks like the Enhanced Smart Card Method is not even called. Still in configuration 4, I can right-click the red N in the taskbar and log in to eDirectory using the Smart Card...

Configuration 4 is what we need. As far as I remember, "passive mode" (in the XP/2003 Novell Client) respectively "login with non-novell credential provider" has been implemented by Novell for this very purpose. Or not?

I would REALLY appreciate any help on this. It's been weeks of trying, googling etc to get this running :-(

Thanks a lot!

Tom