Highlighted
jimbjorklund Absent Member.
Absent Member.
2255 views

Novell Client, Win 7 ZCM 11, simultaneous eDir and AD Login

Hi, I am wondering if anyone knows exactly what specific steps are required to have the Novell Client automatically login to AD in addition to eDir when Zenworks is also installed?
The goal is to automatically have users gain access to file shares (user based NTFS rights) on a Windows domain while maintaining everything else through eDir/ZCM when they log in.

What I have so far:
Both eDir and AD with the same usernames and passwords (synced via IDM).
Client machine with Windows 7, Novell Client and ZCM, 11 authenticating to eDir.
Client machine joined to AD.

The problem I have is that the Novell client or Zenworks client (I think) refuses AD-logon and instead performs a Windows only logon no matter what parameters I set on the Novell Client (tried configuring on logon screen/registry/network adapter settings).
Specifically I can see that the registry value [HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\Profiles\Users\"username"\Default\Tab3\Windows Domain] is always overwritten with the local computer name.

If I uninstall Zenworks from the machine I am able to get it to work for some reason (bort Novell and AD shares can be instantly accessed without manually providing credentials again.

I can see both these keys having the value "1" while logging in with Zenworks installed, which I think is weird:
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn\DomainLogin], [HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn\eDirLogin].

The user I am testing with has a non-volatile Dynamic Local User Policy applied through ZCM (which also make the account a member of the Local Administrators group) so the account is not recreated on every login via Zenworks.

Any ideas what I might be missing?
Labels (1)
0 Likes
3 Replies
Knowledge Partner
Knowledge Partner

Re: Novell Client, Win 7 ZCM 11, simultaneous eDir and AD Login

Hi.

Am 09.10.2015 um 09:26 schrieb jimbjorklund:
>
> Hi, I am wondering if anyone knows exactly what specific steps are
> required to have the Novell Client automatically login to AD


Let's get this straight first. The Novell Client never logs in to AD.
Windows does, it has nothing to do with the Novell Client at all.

So your real question really is, who tells Windows how to logon? Locally
or into AD?

> Specifically I can see that the registry value
> [HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\Profiles\Users\"username"\Default\Tab3\Windows
> Domain] is always overwritten with the local computer name.
>
> If I uninstall Zenworks from the machine I am able to get it to work for
> some reason


Well, it seems pretty obvious then that there is something in Zenworks,
either a bundle or a policy, that forces the local windows user login.
That's not a functionality of the product(s) themself though. It rather
sounds like someone deliberatly instructed Zenworks to instruct the
machines to behave this way.

> The user I am testing with has a non-volatile Dynamic Local User Policy


Oxymoron alert. They are called dynamic *LOCAL* users for a very good
reason. When you say you're using that, then well, you're logging in
locally. You cannot have both at the same time, that contradicts each
other. Of course, even a local user can still access and login into an
AD afterwards, but that's a different story.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: Novell Client, Win 7 ZCM 11, simultaneous eDir and AD Login


Please see if TID 7016612 is useful in this case.

https://www.novell.com/support/kb/doc.php?id=7016612



Thanks,

Earle Wells

Novell Customer Care






>>> jimbjorklund<jimbjorklund@no-mx.forums.microfocus.com> 10/9/2015 1:26 AM >>>




Hi, I am wondering if anyone knows exactly what specific steps are
required to have the Novell Client automatically login to AD in addition
to eDir when Zenworks is also installed?
The goal is to automatically have users gain access to file shares (user
based NTFS rights) on a Windows domain while maintaining everything else
through eDir/ZCM when they log in.

What I have so far:
Both eDir and AD with the same usernames and passwords (synced via
IDM).
Client machine with Windows 7, Novell Client and ZCM, 11 authenticating
to eDir.
Client machine joined to AD.

The problem I have is that the Novell client or Zenworks client (I
think) refuses AD-logon and instead performs a Windows only logon no
matter what parameters I set on the Novell Client (tried configuring on
logon screen/registry/network adapter settings).
Specifically I can see that the registry value
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\Profiles\Users\"username"\Default\Tab3\Windows
Domain] is always overwritten with the local computer name.

If I uninstall Zenworks from the machine I am able to get it to work for
some reason (bort Novell and AD shares can be instantly accessed without
manually providing credentials again.

I can see both these keys having the value "1" while logging in with
Zenworks installed, which I think is weird:
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn\DomainLogin],
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn\eDirLogin].

The user I am testing with has a non-volatile Dynamic Local User Policy
applied through ZCM (which also make the account a member of the Local
Administrators group) so the account is not recreated on every login via
Zenworks.

Any ideas what I might be missing?


--
jimbjorklund
------------------------------------------------------------------------
jimbjorklund's Profile: https://forums.novell.com/member.php?userid=67487
View this thread: https://forums.novell.com/showthread.php?t=494582
0 Likes
jimbjorklund Absent Member.
Absent Member.

Re: Novell Client, Win 7 ZCM 11, simultaneous eDir and AD Lo

Yep, It was the Local User Policy in ZCM that forced the local only logon, thanks for pointing that out.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.