You can use Odyssey's GINA module to allow users of Windows XP or 2000 to connect to the network using their Windows logon credentials prior to Windows logon. Connecting prior to Windows logon can be helpful when users have startup processes that require network connections. You cannot use this connection feature without installing Odyssey's GINA module.
You can configure Odyssey Client for EAP-TTLS or EAP-PEAP authentication prior to Windows logon using the Odyssey Client Administrator and the Odyssey GINA module.
For special instructions on configuring Odyssey Client for Novell Single Sign-On, see KB10583 .
Before you begin
You must have installed (and know the name of) the CA (certificate authority) issued certificate that is used for server validation. This certificate must be installed in the trusted root certificate store of the local machine. See the instructions on Installing a Certificate on the Client Machine of KB10484 in order to do this.
There are three main steps to configuring Odyssey Client for prior to Windows logon connections:
- Specify the network configuration using Initial Settings in Odyssey Client Administrator.
- Specify the user account and GINA connection settings using Connection Settings in Odyssey Client Administrator.
- Test your connection settings, and reconfigure Initial Settings and/or Connection Settings as necessary.
To access Odyssey Client Administrator, select Settings > Odyssey Client Administrator in Odyssey Client Manager.
- Specify a network configuration for EAP-TTLS or EAP-PEAP connections prior to Windows logon (using GINA)
Before you can complete the connection settings configuration for prior to Windows logon connections, you must first specify the network configuration in Initial Settings of Odyssey Client Administrator.
The network configuration steps for Initial Settings in Odyssey Client Administrator are identical to those for Odyssey Client Manager. Follow steps 1 - 5 described in KB10663 (for EAP-TTLS) or KB10661 (for EAP-PEAP), except that instead of performing these steps in the Odyssey Client Manager, perform them in Initial Settings of OdysseyClient Administrator. Note that you should leave the login name blank when you create profiles for use with GINA in Initial Settings.
- Specify user account connection settings and install the Odyssey GINA module
Follow these steps to complete the configuration of Connection Settings in Odyssey Client Administrator:
- Double-click Connection Settings in Odyssey Client Administrator.
- Select the GINA tab, and click Install Odyssey GINA Module. Note that you see the Remove Odyssey GINA Module button instead, then the GINA module is already installed and you can skip this step.
- Select the User Account tab, and select Prior to Windows logon using the following settings.
- Click OK when you are done.
Note 1: In the event that you require authentication at machine startup time, you can optionally configure machine account settings to have your users connect to the network using the machine account at machine startup time, and then drop that connection to connect to the network with user credentials prior to Windows logon. In this case, configure machine account settings on the Machine Account tab of Connection Settings before you click OK as in step 4. See KB10483 for complete instructions for configuring machine account connections followed by user authentication.
Note 2: If you intend to use Odyssey Client for single sign-on authentication to an external database other than Windows, check Prompt before connecting to the network after step II 3, and before you click OK to close Connection Settings.
- Test your connection settings
You can test your prior to Windows logon connection settings as follows:
- Select Commands > Reload and Test Initial Settings, and open Odyssey Client Manager.
- Check the connection status on the Connection panel of Odyssey Client Manager.
- Modify any settings in Initial Settings (Odyssey Client) or in Connection Settings, and re-test as necessary from Initial Settings (Odyssey Client).