Configuring Advanced Local Authentication Procedures 125
novdocx (en) 19 February 2010

3.5 Configuring Access Manager for NESCM

To use a smart card with Access Manager, you need to configure Access Manager to use the eDirectory server where you have installed the Novell Enhanced Smart Card Login Method for NMAS (NESCM). You then need to create a contract that knows how to prompt the user for the smart card credentials. The last task is to assign this contract to the protected resources that you want protected with a smart card. The following sections describe prerequisites and the tasks:

- Section 3.5.1, “Prerequisites,” on page 125
- Section 3.5.2, “Creating a User Store,” on page 125
- Section 3.5.3, “Creating a Contract for the Smart Card,” on page 127
- Section 3.5.4, “Assigning the NESCM Contract to a Protected Resource,” on page 131
- Section 3.5.5, “Verifying the User’s Experience,” on page 131
- Section 3.5.6, “Troubleshooting,” on page 132

3.5.1 Prerequisites

- Make sure you can authenticate to the eDirectory server using the smart card from a workstation.
- The NESCM method needs to be installed on the eDirectory server and the workstation. See “Installing the Method” (http://www.novell.com/documentation/iasclient30x/nescm_install/data/b7gx5la.html) in the Novell Enhanced Smart Card Method Installation and Administration Guide (http://www.novell.com/documentation/iasclient30x/nescm_install/data/bookinfo.html).
- The NESCM method needs to be configured. See “Configuring the Server” (http://www.novell.com/documentation/iasclient30x/nescm_install/data/b7tf2gi.html) in the Novell Enhanced Smart Card Method Installation and Administration Guide (http://www.novell.com/documentation/iasclient30x/nescm_install/data/bookinfo.html).
- Provision your smart card according to your company policy.
- Make sure you have a basic Access Gateway configuration with a protected resource that you want to protect with a smart card. For more information, see the Novell Access Manager 3.1 SP1 Installation Guide and the Novell Access Manager 3.1 SP1 Setup Guide.

3.5.2 Creating a User Store

The Identity Server must be configured to use the eDirectory replica where you have installed the NESCM server method.

- If you have already configured the Identity Server to use this replica, skip this section and continue with Section 3.5.3, “Creating a Contract for the Smart Card,” on page 127.
- If your Identity Server is using a different user store, you need to configure the Identity Server.

To configure the Identity Server for the eDirectory replica that has the NESCM method:

1 In the Administration Console, click Devices > Identity Servers > Edit > Local > User Stores > New.