SAFmodule 3.1 SP1 - Readme.txt
Description:
Content of Readme.txt file included in the software distribution.
PRODUCTS
SAFmodule 3.1 Service Pack 1 (SP1)
INFORMATION
Readme.txt
SAFmodule(TM)
Version 3.1 SP1
April 12, 2004
======================================================
Contents
======================================================
Special Note: Windows 98/SE Support
Release
Supported BSP Modules
Supported Add-on Modules
What's New
System Requirements
Installation & Upgrades
Known Issues
Product Documentation
Technical Support
=======================================================
Special Note: Windows 98/SE Support
=======================================================
NOTE: SAFmodule 3.1 has known issues when running on Windows 98/SE clients
with NICI 2.4.1 (which ships with NMAS 2.1). These issues do not occur with
NICI 2.1 (which ships with NMAS 2.0) or NICI 2.6 (which ships with NMAS 2.2).
The effects of these issues are listed both here and in the Known Issues
section of this Readme.
-- SAFmodule 3.1 will not install the Fast Enroll feature on a Windows 98/SE
client workstation running either NMAS 2.0 or NMAS 2.1. This feature will
be installed on Windows 98/SE client workstations only running NMAS 2.2.
-- While attempting to log on from the System Tray and while attempting to
enroll from Practice Utility, SAFmodule will fail on Windows 98/SE
workstations with NICI 2.4.1 (which ships with NMAS 2.1). An error will
be displayed during initialization.
-- While attempting to authenticate into Passlogix v-GO SSO using Saflink's
SAFauthenticator for v-GO (included), SAFmodule will fail on Windows 98/SE
workstations with NICI 2.4.1 (which ships with NMAS 2.1). An error will
be displayed during initialization.
There are also special installation instructions for using smart card on
Windows 98/SE client workstations; please see Known Issue #10 before starting
Windows 98/SE client installation.
=======================================================
Release
=======================================================
SAFmodule version 3.1 SP1
SAFmodule 3.1 Components:
-- ConsoleOne Snapins for biometric administration, smart card administration,
and license management
-- Biometric Service Providers (BSPs), see below for supported technologies
-- NMAS Login Server Methods for Netware and Windows 2000
-- NMAS Login Client Methods
-- Fast Enroll and Practice Utilities
SAFmodule 3.1 features:
-- Biometric Log on
-- Smart Card Support via Java Card method
-- Support for SAFremote Authenticator 1.1 - allowing biometric log on
and smart card support over Citrix(R) MetaFrame(R), Windows(R) Terminal
Services and XP Remote Desktop connections
-- Workstation Unlock using biometrics and/or smart cards
-- Disconnected Log on
-- Self Enrollment
-- Practice Enrollment via Practice Utility
-- Mid-Session Enrollment
-- Fast Enroll Utility
-- Administrator-controlled User Enrollment
-- User Authority Delegation
-- Support for eDirectory and NMAS running on either Netware or
Windows 2000 servers
-- Auditing
-- Single Sign-On integration with
-- Novell(R) SecureLogin
-- HealthCast(TM) eXactACCESS(TM) through Saflink SAFauthenticator(TM)
for eXactACCESS (included)
-- Passlogix(R) v-GO(R) through Saflink SAFauthenticator(TM) for v-GO
(included)
=======================================================
Supported BSP Modules
=======================================================
SAFmodule Supported Biometric Service Providers (BSP) Modules:
-- AuthenTec - fingerprint authentication
-- BIO-key (sold separately) - fingerprint authentication
-- Identix FaceIt (R) (formerly Visionics, sold separately) - face recognition
-- Iridian (sold separately) - iris recognition
-- Precise Biometrics - fingerprint authentication
-- ScanSoft - speaker verification
-- SecuGen - fingerprint authentication
-- TouchChip - fingerprint authentication
-- Veridicom - fingerprint authentication
======================================================
Supported Add-on Modules
=======================================================
SAFmodule Supported Add-on Modules:
-- SAFremote Authenticator 1.1 (sold separately) - offers users the same
biometric and/or smart card user experience when logging on remotely using
Citrix MetaFrame, Windows Terminal Services or XP Remote Desktop
-- SAFauthenticator for eXactACCESS (included) - offers HealthCast single
sign-on users the same biometric and/or smart card user experience
when logging on with HealthCast eXactACCESS
-- SAFauthenticator for v-GO (included) - offers Passlogix single sign-on
users the same biometric and/or smart card user experience when logging on
with Passlogix v-GO versions 3.1 and 4.0
=======================================================
What's New
=======================================================
SAFmodule 3.1 SP1 contains the following new features:
1) SAFmodule 3.1 now supports eDirectory 8.7 (or higher) and NMAS 2.1 running
on Windows 2000 server configuration.
2) SAFmodule 3.1 adds support for NetWare 6.5, eDirectory 8.7.1 and NMAS 2.2.
3) SAFmodule 3.1 adds support for Netware 3.4 and 4.9 client workstations.
4) SAFmodule 3.1 SP1 adds NMAS login methods for two new BSPs:
-- Iridian iris recognition BSP using the BioAPI biometric standard,
in addition to the existing Iridian logon method using the older
HAAPI standard. Enrollments from one Iridian method can not be
used to verify with the other.
-- BIO-key fingerprint BSP, which supports multiple types of fingerprint
scanner.
=========================================================
System Requirements
=========================================================
Minimum NetWare Server Requirements
NetWare 5.1 SP5 (or higher)
NMAS 2.0 Enterprise Edition (or higher)
eDirectory 8.62 (or higher)
NICI 2.1 (or higher)
ConsoleOne 1.2d (or higher)
Minimum Windows Server Requirements (to use eDirectory on Windows)
Windows 2000 SP3 or SP4 Server
NMAS 2.1 (or higher)
eDirectory 8.7 (or higher)
NICI 2.4.1 (or higher)
ConsoleOne 1.3.3 (or higher)
Minimum Client Requirements
Windows 98 SE with Netware Client 3.33 SP2 (or higher)
Windows Server 2000 Pro SP3 or SP4 with Netware Client 4.82 SP2 (or higher)
Windows NT 4.0 SP6 with Netware Client 4.82 SP2 (or higher)
Windows XP Pro SP1 with Netware Client 4.82 SP2 (or higher)
Windows Server 2003 with Netware Client 4.82 SP2 (or higher)
NMAS 2.0 Enterprise Edition (or higher)
NICI 2.1 (or higher)
Biometric hardware device
BSP software module (that works in conjunction with hardware device)
Minimum Smart Card Requirements
Windows 2000 SP3 or SP4, Windows XP SP1, Windows NT4.0 SP6, or Windows 98/SE
NMAS 2.1 Enterprise Edition (or higher)
NICI 2.4.1 (or higher)
ConsoleOne 1.3.3 (or higher)
Gemplus GemXpressoPro, FIPS, 64k Java Card
Precise Biometrics 100MC or 100SC (fingerprint/smart card combo devices)
=======================================================
Installation & Upgrades
=======================================================
NOTES:
1) User MUST be a local machine administrator to install this product.
2) Displays UI if not in silent mode. To enable silent mode, you must use
"<setup>.exe /M=cfg.txt [/S]" where cfg.txt contains the following:
SAFSILENT="TRUE"
SAFPLUGIN="TRUE"
SAFTRYPWD="TRUE"
3) Upgrade from SAFnmas 1.0/2.0 or SAFmodule 2.1 is not supported.
4) Upgrade from SAFmodule 2.2 SP1/SP2/SP3/SP4, 3.0, and 3.0 SP1 to
SAFmodule 3.1 is fully supported.
Note: Saflink requires that Login Server Methods be upgraded before
installing any Login Client Methods on client workstations.
SAFmodule 3.1 Login Server Methods are compatible with older
SAFmodule 2.2/3.0 Login Client Methods; however, new LCMs may
not be compatible with old LSMs. Depending on which Saflink version
you are upgrading from, you may need to use an NDS password
between Steps 1 and 2 below.
INSTALLATION AND UPGRADE INSTRUCTIONS:
1. Install SAFmodule 3.1 Client and Administrator Utilities on
an administrator workstation.
2. Through ConsoleOne on an administrator workstation, install the
SAFmodule LSMs or update any previously installed LSMs.
3. Launch ConsoleOne, select an appropriate tree, and open the
Saflink License Manager. When prompted, press OK to extend the
eDirectory schema.
4. Also inside the License Manager, install the license and
configure an administrative account. Close License Manager.
5. In ConsoleOne, select an appropriate tree and re-launch the Saflink
License Manager to update internal settings. Opening the
Saflink License Manager will automatically configure the newly
installed LSMs with existing licensing information. Click OK when
the dialog finishes. Do this for each appropriate tree.
6. Install SAFmodule 3.1 client on workstations.
=======================================================
Known Issues
=======================================================
KNOWN CONFIGURATION ISSUE:
1) When the Secure Workstation post login method is called by a workstation
running the Netware 4.9 or 3.4 client, eDirectory running on Windows 2000
server shuts down. This is a known issue by Novell and is environment
dependent. A patch from Novell will be available soon that resolves this issue.
This issue occurs on servers and clients running the following environment:
Server:
Windows 2000 Server
eDirectory 8.71
NMAS 2.2
NICI 2.6.0
Secure Workstation method 2.1
Client:
Netware client workstation 4.9 or 3.4
NMAS 2.2
NICI 2.6.0
Secure Workstation method 2.1
KNOWN LOGON & ENROLL ISSUES:
2) After failing a biometric or smart card log on to workstations running
the Netware 4.9, 4.9 SP1 or 4.9 SP1a clients on Windows NT/2000/XP, an
error dialog, warning "Netware Security Message - Server is out of
resources" appears after any "login failed" messages. This message is
incorrect and can be ignored. The server is not out of resources and the
log on can be retried with the correct biometric or a valid smart card.
This error dialog is a known Novell issue with these versions of the
client and is displayed in response to receiving an indication of the
failed logon from the NMAS framework. Previous to version 4.9 failed
logons resulted in a single Netware "Login failed" message with a numeric
return code. In 4.9 and 4.9 SP1 a failed log on results in both that
dialog, and the "server out of resources" message. In 4.9 SP1a, only the
"server out of resources" message is displayed. Other NMAS methods may
display a different message, indicating an "Internal error 0xFFFFF996
occurred", this is also incorrect and can be ignored.
3) When using NMAS 2.2, the "Enable Password Field" setting for each
location profile should not be checked. Do not change the default setting;
the password field should not be visible when the Netware logon client
displays. If this field has been set, any logon sequence that includes
a password method (such as NDS followed by any Saflink enroll sequence)
will fail. To unselect this checkbox, select "Novell Client Properties"
from the Novell System tray icon and then click on the "Location Profiles" tab.
Select a location profile, then "Properties", then "Login Service",
then "Properties" and then the "Credentials" tab.
KNOWN WINDOWS 98/SE ISSUES:
4) SAFmodule 3.1 will not install the Fast Enroll feature on a Windows 98/SE
client workstation running either NMAS 2.0 or NMAS 2.1. This feature will
be installed on Windows 98/SE client workstations only running NMAS 2.2.
5) While attempting to log on from the System Tray and while attempting to
enroll from Practice Utility, SAFmodule will fail on Windows 98/SE
workstations with NICI 2.4.1 (which ships with NMAS 2.1). An error will
be displayed during initialization.
6) While attempting to authenticate into Passlogix v-GO SSO using Saflink's
SAFauthenticator for v-GO (included), SAFmodule will fail on Windows 98/SE
workstations with NICI 2.4.1 (which ships with NMAS 2.1). An error will
be displayed during initialization.
7) Installing SAFmodule client onto a Windows 98/SE workstation forces a
re-boot upon completion. This only occurs on Windows 98/SE operating systems.
KNOWN SMART CARD ISSUES:
8) When using smart cards on Windows XP Professional SP1 workstations,
the "Smart Card" service "startup type" needs to be set to "Automatic".
9) Note, the only smart card device supported on Windows NT4.0 SP6 workstations
that works with SAFmodule is the Precise 100SC Parallel device.
10) When using smart cards on Windows 98/SE workstations, it is critical to
install the features in the following order:
1. Run <CD>:\BSP\Precise\BIOAPI & HAAPI\Precise Biometrics\Microsoft\scbase.exe
and DO NOT REBOOT!
2. Run <CD>:\BSP\Precise\BIOAPI & HAAPI\Precise Biometrics\Microsoft\smclib.exe.
You must reboot now.
3. Run <CD>:\BSP\Precise\BIOAPI & HAAPI\Precise Biometrics\BioMatch Standard\Setup.exe.
4. Then install the Windows drivers in
<CD>:\BSP\Precise\BIOAPI & HAAPI\Precise Biometrics\Drivers
11) Removing a smart card from a reader (or idle timeout) does not lock remote
Windows NT workstations.
12) When using SAFmodule and SAFremote Authenticator, removing a smart card
from the reader (or idle timeout) does not lock the remote workstation. This
is a Novell Secure Workstation post-logon method issue; please contact
Saflink Technical Support to see if a new version of Secure Workstation
is available.
13) When using SAFmodule while disconnected from a network (workstation
only mode), if the remote Secure Workstation policy is enabled but the
local Secure Workstation policy is disabled or not configured, removing a
smart card from the reader (or idle timeout) does not lock the disconnected
computer.
14) When logging on as a delegate using the "I am a delegate" checkbox,
smart card identification will no longer function if the user cancels or
escapes when prompted for the user's (not the delegator's) identity.
Smart card users should be encouraged not to cancel/escape when attempting
to log in as a delegate using this checkbox. Identification can be restarted
by hitting ESC to get back to the Novell logon dialog.
15) If there is no Logon Sequence selected and no default Logon Sequence
for the user, an error will be displayed when that user attempts to log on
using a smart card. To avoid this error, a default Logon Sequence can be
assigned by an administrator or the user can select an appropriate sequence
during log on.
16) SAFmodule 3.1 will display an error if an administrator selects
"SaflinkCard" after selecting the "New Object" button from the task bar in
ConsoleOne. Administrators must register a new smart card from Saflink's
"Card Detection" button on the task bar, from the Saflink Smart Card tab, or
from "New" on the File menu.
KNOWN PRACTICE UTILITY & FAST ENROLL ISSUES:
17) In SAFmodule 2.2, it was possible for a user's default Logon Sequence to
be updated when self-enrolling via Saflink Practice Utility. This no longer
occurs in SAFmodule 3.0 or 3.1.
18) If the network connection to the eDirectory server is lost when using
Fast Enroll, the administrator will experience about a 45 second delay and
then receive an invalid user error. If the network connection has been
re-established, this error will no longer occur and Fast Enroll will
respond properly.
KNOWN UNINSTALL ISSUES:
19) When uninstalling the Saflink client, Saflink recommends that unused
shared components be removed. To do this during an uninstall, select
"Yes to All" when prompted in the "Remove Shared Component" dialog. Removing
these components is necessary to remove Saflink integration with the
Netware client, such as Saflink's "I am a delegate" checkbox on the
Netware logon dialog screen. Failure to remove these components may result
in system instability and logon errors.
20) The Uninstall of SAFmodule administrator and client software does not
remove all registry keys from the local machine. These should only be removed
after verifying that no other program relies on these entries. Additionally,
Uninstall does not completely remove the Saflink folder structure.
========================================================
Product Documentation
========================================================
In addition to this Readme, the following documentation is provided with
SAFmodule 3.1 in the Documentation folder on the CD:
-- SAFmodule 3.1 Administrator's Guide
-- Getting Started
-- Tips on Using Biometrics
Adobe Reader is required to open several of these documents. You may download
the most current version at http://www.adobe.com/products/acrobat/readstep.html
======================================================
Technical Support
======================================================
Please visit http://www.saflink.com/support for our most current
technical support contact information.
======================================================
(c) Copyright Saflink Corporation 2004.
All rights reserved.
All brand and product names are trademarks of their respective companies.
Technical information in this document is subject to change without notice.
Saflink(R)
THE POWER OF BIOMETRIC AUTHENTICATION (R)
SAFMODULE(TM)
Keywords:
smd safmod safmodule novell netware nmas readme
Description:
Content of Readme.txt file included in the software distribution.
PRODUCTS
SAFmodule 3.1 Service Pack 1 (SP1)
INFORMATION
Readme.txt
SAFmodule(TM)
Version 3.1 SP1
April 12, 2004
======================================================
Contents
======================================================
Special Note: Windows 98/SE Support
Release
Supported BSP Modules
Supported Add-on Modules
What's New
System Requirements
Installation & Upgrades
Known Issues
Product Documentation
Technical Support
=======================================================
Special Note: Windows 98/SE Support
=======================================================
NOTE: SAFmodule 3.1 has known issues when running on Windows 98/SE clients
with NICI 2.4.1 (which ships with NMAS 2.1). These issues do not occur with
NICI 2.1 (which ships with NMAS 2.0) or NICI 2.6 (which ships with NMAS 2.2).
The effects of these issues are listed both here and in the Known Issues
section of this Readme.
-- SAFmodule 3.1 will not install the Fast Enroll feature on a Windows 98/SE
client workstation running either NMAS 2.0 or NMAS 2.1. This feature will
be installed on Windows 98/SE client workstations only running NMAS 2.2.
-- While attempting to log on from the System Tray and while attempting to
enroll from Practice Utility, SAFmodule will fail on Windows 98/SE
workstations with NICI 2.4.1 (which ships with NMAS 2.1). An error will
be displayed during initialization.
-- While attempting to authenticate into Passlogix v-GO SSO using Saflink's
SAFauthenticator for v-GO (included), SAFmodule will fail on Windows 98/SE
workstations with NICI 2.4.1 (which ships with NMAS 2.1). An error will
be displayed during initialization.
There are also special installation instructions for using smart card on
Windows 98/SE client workstations; please see Known Issue #10 before starting
Windows 98/SE client installation.
=======================================================
Release
=======================================================
SAFmodule version 3.1 SP1
SAFmodule 3.1 Components:
-- ConsoleOne Snapins for biometric administration, smart card administration,
and license management
-- Biometric Service Providers (BSPs), see below for supported technologies
-- NMAS Login Server Methods for Netware and Windows 2000
-- NMAS Login Client Methods
-- Fast Enroll and Practice Utilities
SAFmodule 3.1 features:
-- Biometric Log on
-- Smart Card Support via Java Card method
-- Support for SAFremote Authenticator 1.1 - allowing biometric log on
and smart card support over Citrix(R) MetaFrame(R), Windows(R) Terminal
Services and XP Remote Desktop connections
-- Workstation Unlock using biometrics and/or smart cards
-- Disconnected Log on
-- Self Enrollment
-- Practice Enrollment via Practice Utility
-- Mid-Session Enrollment
-- Fast Enroll Utility
-- Administrator-controlled User Enrollment
-- User Authority Delegation
-- Support for eDirectory and NMAS running on either Netware or
Windows 2000 servers
-- Auditing
-- Single Sign-On integration with
-- Novell(R) SecureLogin
-- HealthCast(TM) eXactACCESS(TM) through Saflink SAFauthenticator(TM)
for eXactACCESS (included)
-- Passlogix(R) v-GO(R) through Saflink SAFauthenticator(TM) for v-GO
(included)
=======================================================
Supported BSP Modules
=======================================================
SAFmodule Supported Biometric Service Providers (BSP) Modules:
-- AuthenTec - fingerprint authentication
-- BIO-key (sold separately) - fingerprint authentication
-- Identix FaceIt (R) (formerly Visionics, sold separately) - face recognition
-- Iridian (sold separately) - iris recognition
-- Precise Biometrics - fingerprint authentication
-- ScanSoft - speaker verification
-- SecuGen - fingerprint authentication
-- TouchChip - fingerprint authentication
-- Veridicom - fingerprint authentication
======================================================
Supported Add-on Modules
=======================================================
SAFmodule Supported Add-on Modules:
-- SAFremote Authenticator 1.1 (sold separately) - offers users the same
biometric and/or smart card user experience when logging on remotely using
Citrix MetaFrame, Windows Terminal Services or XP Remote Desktop
-- SAFauthenticator for eXactACCESS (included) - offers HealthCast single
sign-on users the same biometric and/or smart card user experience
when logging on with HealthCast eXactACCESS
-- SAFauthenticator for v-GO (included) - offers Passlogix single sign-on
users the same biometric and/or smart card user experience when logging on
with Passlogix v-GO versions 3.1 and 4.0
=======================================================
What's New
=======================================================
SAFmodule 3.1 SP1 contains the following new features:
1) SAFmodule 3.1 now supports eDirectory 8.7 (or higher) and NMAS 2.1 running
on Windows 2000 server configuration.
2) SAFmodule 3.1 adds support for NetWare 6.5, eDirectory 8.7.1 and NMAS 2.2.
3) SAFmodule 3.1 adds support for Netware 3.4 and 4.9 client workstations.
4) SAFmodule 3.1 SP1 adds NMAS login methods for two new BSPs:
-- Iridian iris recognition BSP using the BioAPI biometric standard,
in addition to the existing Iridian logon method using the older
HAAPI standard. Enrollments from one Iridian method can not be
used to verify with the other.
-- BIO-key fingerprint BSP, which supports multiple types of fingerprint
scanner.
=========================================================
System Requirements
=========================================================
Minimum NetWare Server Requirements
NetWare 5.1 SP5 (or higher)
NMAS 2.0 Enterprise Edition (or higher)
eDirectory 8.62 (or higher)
NICI 2.1 (or higher)
ConsoleOne 1.2d (or higher)
Minimum Windows Server Requirements (to use eDirectory on Windows)
Windows 2000 SP3 or SP4 Server
NMAS 2.1 (or higher)
eDirectory 8.7 (or higher)
NICI 2.4.1 (or higher)
ConsoleOne 1.3.3 (or higher)
Minimum Client Requirements
Windows 98 SE with Netware Client 3.33 SP2 (or higher)
Windows Server 2000 Pro SP3 or SP4 with Netware Client 4.82 SP2 (or higher)
Windows NT 4.0 SP6 with Netware Client 4.82 SP2 (or higher)
Windows XP Pro SP1 with Netware Client 4.82 SP2 (or higher)
Windows Server 2003 with Netware Client 4.82 SP2 (or higher)
NMAS 2.0 Enterprise Edition (or higher)
NICI 2.1 (or higher)
Biometric hardware device
BSP software module (that works in conjunction with hardware device)
Minimum Smart Card Requirements
Windows 2000 SP3 or SP4, Windows XP SP1, Windows NT4.0 SP6, or Windows 98/SE
NMAS 2.1 Enterprise Edition (or higher)
NICI 2.4.1 (or higher)
ConsoleOne 1.3.3 (or higher)
Gemplus GemXpressoPro, FIPS, 64k Java Card
Precise Biometrics 100MC or 100SC (fingerprint/smart card combo devices)
=======================================================
Installation & Upgrades
=======================================================
NOTES:
1) User MUST be a local machine administrator to install this product.
2) Displays UI if not in silent mode. To enable silent mode, you must use
"<setup>.exe /M=cfg.txt [/S]" where cfg.txt contains the following:
SAFSILENT="TRUE"
SAFPLUGIN="TRUE"
SAFTRYPWD="TRUE"
3) Upgrade from SAFnmas 1.0/2.0 or SAFmodule 2.1 is not supported.
4) Upgrade from SAFmodule 2.2 SP1/SP2/SP3/SP4, 3.0, and 3.0 SP1 to
SAFmodule 3.1 is fully supported.
Note: Saflink requires that Login Server Methods be upgraded before
installing any Login Client Methods on client workstations.
SAFmodule 3.1 Login Server Methods are compatible with older
SAFmodule 2.2/3.0 Login Client Methods; however, new LCMs may
not be compatible with old LSMs. Depending on which Saflink version
you are upgrading from, you may need to use an NDS password
between Steps 1 and 2 below.
INSTALLATION AND UPGRADE INSTRUCTIONS:
1. Install SAFmodule 3.1 Client and Administrator Utilities on
an administrator workstation.
2. Through ConsoleOne on an administrator workstation, install the
SAFmodule LSMs or update any previously installed LSMs.
3. Launch ConsoleOne, select an appropriate tree, and open the
Saflink License Manager. When prompted, press OK to extend the
eDirectory schema.
4. Also inside the License Manager, install the license and
configure an administrative account. Close License Manager.
5. In ConsoleOne, select an appropriate tree and re-launch the Saflink
License Manager to update internal settings. Opening the
Saflink License Manager will automatically configure the newly
installed LSMs with existing licensing information. Click OK when
the dialog finishes. Do this for each appropriate tree.
6. Install SAFmodule 3.1 client on workstations.
=======================================================
Known Issues
=======================================================
KNOWN CONFIGURATION ISSUE:
1) When the Secure Workstation post login method is called by a workstation
running the Netware 4.9 or 3.4 client, eDirectory running on Windows 2000
server shuts down. This is a known issue by Novell and is environment
dependent. A patch from Novell will be available soon that resolves this issue.
This issue occurs on servers and clients running the following environment:
Server:
Windows 2000 Server
eDirectory 8.71
NMAS 2.2
NICI 2.6.0
Secure Workstation method 2.1
Client:
Netware client workstation 4.9 or 3.4
NMAS 2.2
NICI 2.6.0
Secure Workstation method 2.1
KNOWN LOGON & ENROLL ISSUES:
2) After failing a biometric or smart card log on to workstations running
the Netware 4.9, 4.9 SP1 or 4.9 SP1a clients on Windows NT/2000/XP, an
error dialog, warning "Netware Security Message - Server is out of
resources" appears after any "login failed" messages. This message is
incorrect and can be ignored. The server is not out of resources and the
log on can be retried with the correct biometric or a valid smart card.
This error dialog is a known Novell issue with these versions of the
client and is displayed in response to receiving an indication of the
failed logon from the NMAS framework. Previous to version 4.9 failed
logons resulted in a single Netware "Login failed" message with a numeric
return code. In 4.9 and 4.9 SP1 a failed log on results in both that
dialog, and the "server out of resources" message. In 4.9 SP1a, only the
"server out of resources" message is displayed. Other NMAS methods may
display a different message, indicating an "Internal error 0xFFFFF996
occurred", this is also incorrect and can be ignored.
3) When using NMAS 2.2, the "Enable Password Field" setting for each
location profile should not be checked. Do not change the default setting;
the password field should not be visible when the Netware logon client
displays. If this field has been set, any logon sequence that includes
a password method (such as NDS followed by any Saflink enroll sequence)
will fail. To unselect this checkbox, select "Novell Client Properties"
from the Novell System tray icon and then click on the "Location Profiles" tab.
Select a location profile, then "Properties", then "Login Service",
then "Properties" and then the "Credentials" tab.
KNOWN WINDOWS 98/SE ISSUES:
4) SAFmodule 3.1 will not install the Fast Enroll feature on a Windows 98/SE
client workstation running either NMAS 2.0 or NMAS 2.1. This feature will
be installed on Windows 98/SE client workstations only running NMAS 2.2.
5) While attempting to log on from the System Tray and while attempting to
enroll from Practice Utility, SAFmodule will fail on Windows 98/SE
workstations with NICI 2.4.1 (which ships with NMAS 2.1). An error will
be displayed during initialization.
6) While attempting to authenticate into Passlogix v-GO SSO using Saflink's
SAFauthenticator for v-GO (included), SAFmodule will fail on Windows 98/SE
workstations with NICI 2.4.1 (which ships with NMAS 2.1). An error will
be displayed during initialization.
7) Installing SAFmodule client onto a Windows 98/SE workstation forces a
re-boot upon completion. This only occurs on Windows 98/SE operating systems.
KNOWN SMART CARD ISSUES:
8) When using smart cards on Windows XP Professional SP1 workstations,
the "Smart Card" service "startup type" needs to be set to "Automatic".
9) Note, the only smart card device supported on Windows NT4.0 SP6 workstations
that works with SAFmodule is the Precise 100SC Parallel device.
10) When using smart cards on Windows 98/SE workstations, it is critical to
install the features in the following order:
1. Run <CD>:\BSP\Precise\BIOAPI & HAAPI\Precise Biometrics\Microsoft\scbase.exe
and DO NOT REBOOT!
2. Run <CD>:\BSP\Precise\BIOAPI & HAAPI\Precise Biometrics\Microsoft\smclib.exe.
You must reboot now.
3. Run <CD>:\BSP\Precise\BIOAPI & HAAPI\Precise Biometrics\BioMatch Standard\Setup.exe.
4. Then install the Windows drivers in
<CD>:\BSP\Precise\BIOAPI & HAAPI\Precise Biometrics\Drivers
11) Removing a smart card from a reader (or idle timeout) does not lock remote
Windows NT workstations.
12) When using SAFmodule and SAFremote Authenticator, removing a smart card
from the reader (or idle timeout) does not lock the remote workstation. This
is a Novell Secure Workstation post-logon method issue; please contact
Saflink Technical Support to see if a new version of Secure Workstation
is available.
13) When using SAFmodule while disconnected from a network (workstation
only mode), if the remote Secure Workstation policy is enabled but the
local Secure Workstation policy is disabled or not configured, removing a
smart card from the reader (or idle timeout) does not lock the disconnected
computer.
14) When logging on as a delegate using the "I am a delegate" checkbox,
smart card identification will no longer function if the user cancels or
escapes when prompted for the user's (not the delegator's) identity.
Smart card users should be encouraged not to cancel/escape when attempting
to log in as a delegate using this checkbox. Identification can be restarted
by hitting ESC to get back to the Novell logon dialog.
15) If there is no Logon Sequence selected and no default Logon Sequence
for the user, an error will be displayed when that user attempts to log on
using a smart card. To avoid this error, a default Logon Sequence can be
assigned by an administrator or the user can select an appropriate sequence
during log on.
16) SAFmodule 3.1 will display an error if an administrator selects
"SaflinkCard" after selecting the "New Object" button from the task bar in
ConsoleOne. Administrators must register a new smart card from Saflink's
"Card Detection" button on the task bar, from the Saflink Smart Card tab, or
from "New" on the File menu.
KNOWN PRACTICE UTILITY & FAST ENROLL ISSUES:
17) In SAFmodule 2.2, it was possible for a user's default Logon Sequence to
be updated when self-enrolling via Saflink Practice Utility. This no longer
occurs in SAFmodule 3.0 or 3.1.
18) If the network connection to the eDirectory server is lost when using
Fast Enroll, the administrator will experience about a 45 second delay and
then receive an invalid user error. If the network connection has been
re-established, this error will no longer occur and Fast Enroll will
respond properly.
KNOWN UNINSTALL ISSUES:
19) When uninstalling the Saflink client, Saflink recommends that unused
shared components be removed. To do this during an uninstall, select
"Yes to All" when prompted in the "Remove Shared Component" dialog. Removing
these components is necessary to remove Saflink integration with the
Netware client, such as Saflink's "I am a delegate" checkbox on the
Netware logon dialog screen. Failure to remove these components may result
in system instability and logon errors.
20) The Uninstall of SAFmodule administrator and client software does not
remove all registry keys from the local machine. These should only be removed
after verifying that no other program relies on these entries. Additionally,
Uninstall does not completely remove the Saflink folder structure.
========================================================
Product Documentation
========================================================
In addition to this Readme, the following documentation is provided with
SAFmodule 3.1 in the Documentation folder on the CD:
-- SAFmodule 3.1 Administrator's Guide
-- Getting Started
-- Tips on Using Biometrics
Adobe Reader is required to open several of these documents. You may download
the most current version at http://www.adobe.com/products/acrobat/readstep.html
======================================================
Technical Support
======================================================
Please visit http://www.saflink.com/support for our most current
technical support contact information.
======================================================
(c) Copyright Saflink Corporation 2004.
All rights reserved.
All brand and product names are trademarks of their respective companies.
Technical information in this document is subject to change without notice.
Saflink(R)
THE POWER OF BIOMETRIC AUTHENTICATION (R)
SAFMODULE(TM)
Keywords:
smd safmod safmodule novell netware nmas readme