I've assigned 'password' policy to a computer group in System tree and then assigned 'etoken' policy to some AD groud using Policy assignment rules. After few Send/Recieve Policy/Events from the agent interface users from the group still have to use passwords.
Do the users have in Active Directory digital certificates issued with the purpose of smartcard logon? You do have a Microsoft Enterprise CA, right?on 10/11/12 6:39:42 AM CDT
Certificates are issued, they are stored in UserCertificate LDAP Attribute. I've changed cert field name in the AD sync task. Yes, it is a MS CA. In AD attributes I can see certificates exactly in userCertificate attribute. Is there a way to check ceritificates in EEPC user info?
Where have you applied the policy to use the smardcards? at "My organisation" level? If not, try using a policy assignment rule to assign the user based policy to specific users that you're testing. From what I recall, the default policy applied to users is the one at my organisation level, and if you want specific polcies for users, or ad security groups of users, you'll have to use policy assignment rules.
I applied eToken Policy to users via Polisy Assignments Rule and activate UBP on these users. Sorry, last changes I have not tested yet so please wait for result 1-2 days more. If I find where I made mistake I will write about it here.