Novell

This is Your Open EnterpriseTM

Novell Client 4.91 Post-SP5 Login Files 6

This document (5068340) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

FileProductStatusPatch
491psp5_login_5.zipNovell Client 4.91 SP5 for Windows XP/2003ObsoleteNovell Client 4.91 Post-SP5 Login Files 5

patches that supersede this patch

ProductStatusNext Superceded ByLast Superceded By
Novell Client 4.91 SP5 for Windows XP/2003ObsoleteNovell Client 4.91 Post-SP5 Login Files 7Novell Client 4.91 Post-SP5 Login Files 7
Novell ZENworks Endpoint Security Management 4.1ObsoleteNovell Client 4.91 Post-SP5 Login Files 7Novell Client 4.91 Post-SP5 Login Files 7

patch attributes

Architecture: x86
Security patch: No
Priority: Optional
Distribution Type: Public
http://download.novell.com/Download?buildid=U_rsMN4DRnY~

document

Revision: 3
Document ID: 5068340
Creation Date: 2010-02-03 15:27:12
Modified Date: 2010-03-01 10:41:04

abstract

491psp5_login_6.zip is a patch file for the Novell Client v4.91 SP5 for Windows 2000/XP/2003. It includes fixes for problems found after the 4.91 SP5 client update was released.

details

System Requirements:
This patch is designed to update the Novell Client v4.91 SP5 for Windows 2000/XP/2003. Be sure to install only on this version of the client.

Installation:
1. (Optional) Rename the existing nwgina.dll, lgncxw32.dll and loginw32.dll (with a .old extension, for example) in the \System32 folder. Do not reboot before proceeding!
2. Install the files by doing ONE of the following:
a) Run _491psp5_login_6.bat file.
b) Right-Click on _491psp5_login_6.inf and click on INSTALL.
c) Manually copy and replace the existing files in the directory listed in Step 1, above.
3. You will be prompted to reboot. This reboot is required to complete the installation.

The files in this package can also be overlaid on top of a Novell Client 4.91 SP5 installation set. Such that when SETUPNW.EXE is run to install the Novell Client, you will be installing the core 4.91 SP5 client and the updates contained in this package in one operation. To update the installation set with the file(s) in this updated package, copy the directory structure over the top of the matching directory structure found in the Novell Client 4.91 SP5 installation set.

SETUPIP Users Note: This update package contains a file named "readme.html". Presence of such a file in the Novell Client installation set can cause download via SETUPIP to fail, because many web servers treat files such as readme.html and index.html specially and will change the format of the file listings SETUPIP is trying to obtain from the web server. When overlaying this update package onto a Novell Client installation set that will be used for SETUPIP download, either remove or do not copy the readme.html file when overlaying the files.

Technical Support Information:
New Fixes included in this release:
1. ZESM integrated authentication with NWGINA. (See TID 7005278)

Previous fix included in this release:
1. Third party logon script won't execute. (Bug 403918)
2. NESCM: Issue with Smartcard removal behavior. (Bug 431161)
3. Optional Windows account audit event during eDirectory workstation unlock. See TID 7001002. (Bug 460905)
4. Remove forgotten password link from non-eDirectory login dialog modes. (Bug 422718)
5. Invoking forgotten password from workstation unlock dialog conflicts with ZENworks workstation login. (Bug 447092)
6. Unable to browse contexts when class definition more than 16KB. (Bug 474918)

When attempting to use the "Contexts" button from the Novell Client login dialog to browse contexts, but the current eDirectory tree's schema extensions exceed 16KB worth of schema information for User-class objects, the "Contexts" list will come up partially or completely empty. The working buffers for processing the User-class object schema in the "Contexts" browser has now been increased to the eDirectory maximum of 64KB.

7. Fire LDAP Contextless Login during PassiveModeNDSLogin. (Bug 470228)

Support has been implemented for triggering LDAP Contextless Login during PassiveModeNDSLogin processing. Similar to LDAP Contextless Login processing that occurs during AutoAdminLogon and TSClientAutoAdminLogon, with this update installed LDAP Contextless Login will occur by default during PassiveModeNDSLogin, if LDAP Contextless Login is enabled on the LDAP Contextless Login tab of the Novell Client Properties.

If a situation were to arise where it was desired to have LDAP Contextless Login enabled on the machine, but NOT have LDAP Contextless Login fire during PassiveModeNDSLogin processing, it is possible to "opt out" of the PassiveModeNDSLogin LDAP Contextless Login processing by creating the following registry-based policy value:

[HKEY_LOCAL_MACHINE\Software\Novell\Login]
"AllowPassiveModeNDSLoginContextlessLogin"=dword:00000000

If this registry value exists and is set to 0x00000000, no LDAP Contextless Login will be triggered during PassiveModeNDSLogin. If this value is set to 0x00000001 or does not exist in the registry, then the LDAP Contextless Login feature of the Novell Client will engage during PassiveModeNDSLogin.

8. Allow suppression of LDAP Contextless Login error messages. (Bug 343524)

Some customer scenarios would prefer that the LDAP Contextless Login feature of the Novell Client would "silently fail" without presenting any additional error messages to the end-user. Support for a registry-based policy has been added as follows:

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Graphical Login\NWLGE\LDAP Contextless]
"DisableErrorMessages"=dword:00000001

If this registry value exists and is set to 0x00000001, no error messages will be presented by the LDAP Contextless Login feature of the Novell Client. If this value is set to 0x00000000 or does not exist in the registry, then the LDAP Contextless Login feature of the Novell Client will present error messages when LDAP-related operations have failed.

Note that in addition, when an otherwise "silent" eDirectory login would have occurred (e.g. TSClientAutoAdminLogon, PassiveModeNDSLogin, PassiveModeNDSLoginSilent), the LDAP Contextless Login error messages will now also be suppressed by default in these scenarios too. Only when the Novell Client login dialog is actually visible and interactive will the LDAP Contextless Login error messages be allowed to display.

9. Allow alternate credentials for PassiveModeNDSLogin. (Bug 473163)

The Novell Client "PassiveModeNDSLogin" configuration by default uses the Windows user account name and password received from MSGINA.DLL to attempt performing an eDirectory login after MSGINA.DLL's Windows account logon has already occurred. For more information on "PassiveModeNDSLogin", please see the Novell Support Knowledgebase (http://www.novell.com/support/).

Some customer scenarios desire using the MSGINA.DLL-driven login experience achieved by PassiveMode, but need for the "PassiveModeNDSLogin" functionality to use a statically-configured set of eDirectory credentials instead of defaulting to the Windows account name and password.

This NWGINA.DLL implements support for an optional "PassiveModeNDSLoginDefaultUsername" configuration value under [HKEY_LOCAL_MACHINE\Software\Novell\Login]. In addition, support for an encrypted "NovellDefaultPassword" value has been added. (The encrypted password is stored using the Windows LsaStorePrivateData API, similar to how Windows 2000 and later support storing the encrypted password for Windows AutoAdminLogon.) Finally, support for an optional clear-text "PassiveModeNDSLoginDefaultPassword" configuration value under [HKEY_LOCAL_MACHINE\Software\Novell\Login] is also provided.

If "PassiveModeNDSLoginDefaultUsername" and either "PassiveModeNDSLoginDefaultPassword" or the LSA-encrypted "NovellDefaultPassword" are configured, NWGINA.DLL will use this username and password specification instead of the Windows account username and password when performing PassiveModeNDSLogin processing.

If one or both of the "PassiveModeNDSLoginDefaultUsername" and "NovellDefaultPassword" / "PassiveModeNDSLoginDefaultPassword" values are missing, NWGINA.DLL will continue defaulting to using the Windows account username and password.

If both the LSA-encrypted "NovellDefaultPassword" value and the "PassiveModeNDSLoginDefaultPassword" clear-text registry value are defined, the clear-text "PassiveModeNDSLoginDefaultPassword" value will take precedence.

A command-line utility "PassiveModeAlternateCredentials.exe" is also provided in the attached .ZIP. If you run PassiveModeAlternateCredentials.exe without any parameters, it will display the following help screen explaining the usage:

PassiveModeNDSLogin Alternate Credentials Utility
PassiveModeAlternateCredentials.exe 4.91.5.4

Useage:
PassiveModeAlternateCredentials.exe username password
PassiveModeAlternateCredentials.exe /DELETE

username - The simple common name of an eDirectory user object
expected to be found in the default context of the location
profile or via LDAP Contextless Login, or the full DN form
(with leading period character) of an eDirectory user object.

password - The password that corresponds to the eDirectory user.

/DELETE - Removes any existing PassiveModeNDSLogin alternate
credential configuration that exist on the local machine.

Example:
PassiveModeAlternateCredentials.exe .admin.novell mypassword
PassiveModeAlternateCredentials.exe admin mypassword
PassiveModeAlternateCredentials.exe /DELETE

Note this PassiveModeAlternateCredentials.exe utility is not "installed" by the included .INF; it's simply available for an administrator to use for easily setting the "PassiveModeNDSLoginDefaultUsername" and encrypted "NovellDefaultPassword" values used by this feature.

To disable use of the alternate credentials, run "PassiveModeAlternateCredentials.exe /delete" to remove all forms of the PassiveModeNDSLogin alternate credential configurations. Alternatively, simply delete the "PassiveModeNDSLoginDefaultUsername" registry value from [HKEY_LOCAL_MACHINE\Software\Novell\Login], and the password value will be ignored if still set via the LSA-encrypted "NovellDefaultPassword" or "PassiveModeNDSLoginDefaultPassword" clear-text configuration values.

10. Kerberos Realm is not read from the location profile. (Bug 506133 )
11. PassiveModeNDSLogin contextless login support causes LDAP lookup during workstation unlock. (Bug 492289)
12. Login failure when UPN name is not derived from / equal to the SAM account name. (Bug 536411)

file contents

Compressed File Name: 491psp5_login_6.zip

Files IncludedSizeDate
491psp5_login_6/redir/NWGINA.dll416.5 KB (426496)2010-02-03 15:19:03
491psp5_login_6/redir/LgnCxW32.dll56.0 KB (57424)2010-02-03 15:18:54
491psp5_login_6/libs32/LoginW32.dll488.0 KB (499780)2010-02-03 15:18:25
readme_5068340.htmlN/A2010-03-01 10:41:05

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.