ALERT! The community will be read-only on April 19, 8am Pacific as the migration begins. Read more for important details.
ALERT! The community will be read-only on April 19, 8am Pacific as the migration begins.Read more for important details.
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
4393 views

ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/3

Hi,

For a long time we have been customers of Secude who are the developers of FDE for ZCM 11.2. In the versions of FDE before ZCM 11.2, we always had the Single Sign On functionality between the Secude PBA and the Novell Client on Windows 7 with our Smart Card setup. This functionality had more or less (about 95% of the time) worked. Sometimes the PIN passthrough would work but not auto login, you had to hit enter yourself. But otherwise it was working.

Since we have now moved to ZCM 11.2 and started using the version of FDE with ZCM this functionality is no longer working. Well, it does something! As far as I can tell it makes the Advanced screen of the Novell Client show. Which when you click away, will then show you a login error with the following error code 0x8007001.

I have already an SR open for some time regarding this issue. Actually never heard anything back from Novell much about the status of the ticket until I gave up and gave them a poke. Only to be asked, "The Smartcard SSO is kerberos authentication, correct? Please take a look at TID 7010332 'Does ZCM support Kerberos authentication through Novell Client' (Support | Novell) that as published recently."

Actually we are not using Kerberos in our setup. As far as I am aware Kerberos is an Active Directory form of authentication. And seeing as we are a complete Novell customer (currently) with eDirectory etc etc, I dont know how the supporter could just simply jump to that conclusion. In fact I state in my SR what we are using which is Win7 x64 Pro, Novell Client SP2 IR2a, ZCM 11.2, NESCM 3.0.8. Which to me would suggest anything but Kerberos. But maybe that is just me!

Additionally I was then told that because I was not using Kerberos, that, that is why it does not work. I am a bit flabbergasted about this because in the doumentation it tells you what type of Novell Clients are working underneath the SSO section of the online manual for the FDE. Even more so because A: I know it was working with previous versions! e.g. With Windows 7 x64 Pro, Novell Client, NESCM 3.0.7, ZCM Agent 10.3.x and FDE 9.6 from Secude. And B: Why is it not possible for Novell to get the SSO functionality to work with there own products?

Maybe someone else is having the same issue. Maybe Shaun Pond will read this and then kick butt! Hopefully not mine.

One can only hope!

Regards

Robert
0 Likes
16 Replies
Absent Member.
Absent Member.

bbeachem;2212471 wrote:
I believe the updated FDE components that are available in 11.2.1 MU1 where manually updated by Alan on a failing setup and they unfortunately did not fix the issue. I hope that I am wrong, but nontheless I wanted to warn everyone to await confirmation before any wide scale deployment or update.


Hello,

sorry, it's not solved. We get the same error with 11.2.1 MU1:(

Is there anyone who tested with 11.2.1 MU2?

Thanks!
0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

RATHL;2228919 wrote:
Hello,

sorry, it's not solved. We get the same error with 11.2.1 MU1:(

Is there anyone who tested with 11.2.1 MU2?

Thanks!


Hi,

you are right it wasn't resolved in 11.2.1 MU2. Actually the fix needed to be applied to the Novell Client and not ZCM. We had been testing the fix for the last couple of weeks and for us it is now resolved. I see tonight that Novell have released Novell Client SP2 IR5 which should be containing the same fixes as what we have been supplied with. I will at least be installing the new client tomorrow for testing.
0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

rchapman29;2229751 wrote:
Hi,

you are right it wasn't resolved in 11.2.1 MU2. Actually the fix needed to be applied to the Novell Client and not ZCM. We had been testing the fix for the last couple of weeks and for us it is now resolved. I see tonight that Novell have released Novell Client SP2 IR5 which should be containing the same fixes as what we have been supplied with. I will at least be installing the new client tomorrow for testing.


Just as an additional update on this. All seems to be well with IR5. And we will be implementing SSO for all other users soon.
0 Likes
Absent Member.
Absent Member.

Rchapman29,

nice

--

Shaun Pond


0 Likes
Micro Focus Contributor
Micro Focus Contributor

NOVELL: Downloads - Novell Client 2 SP2 for Windows (IR5)

Link for Novell Client IR5 if needed by others
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.