PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

Steven D Brown

Hello Folks,

This is my first post here, I did some searches of the mailing list via
Google but didn't see anything relevant.

I have the following setup:

RedHat 6.4 / Ubuntu 12.xx laptops
Rdesktop 1.7.1
PCSClite 1.8.5

Gemalto Reader as shown here:
http://pcsclite.alioth.debian.org/ccid/supported.html#0x08E60x3437  ,
although it is a USB model

I would like to be able to use my Gemalto IDPrime .NET (
http://www.gemalto.com/products/dotnet_card/ ) card to login to a Windows
Server from my Linux laptops.


I have spent the past week or so speaking to Dr Rousseau about PCSClite and
he says that the Windows server is asking for some attributes that PCSC is
currently unequipped to handle on these cards.    Because this is a
self-motivated project within my department, I am unable to fund a massive
research project to sort this out.

I was hoping maybe someone here could help me.    I have received a ZIP
file from Gemalto which contains their PKCS11 Library for use with these
cards.

Would someone here be willing to work with me to make these cards
compatible with PCSC / OpenSC / OpenCT / Whatever?

Is it possible?

Steven Brown, Support Consultant
ISM Canada  An IBM Global Services Company
1 Research Drive, Regina, Saskatchewan, Canada,S4S7H1
Mail:  [hidden email]
Direct: 1.306.337.5620


_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Re: PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

Florent Deybach
Hello

> I would like to be able to use my Gemalto IDPrime .NET (
> http://www.gemalto.com/products/dotnet_card/ ) card to login to a Windows
> Server from my Linux laptops.

What will you use to do that? rdesktop? freerdp?

> I was hoping maybe someone here could help me.    I have received a ZIP
> file from Gemalto which contains their PKCS11 Library for use with these
> cards.

So I guess you've received the PKCS11 library files for Linux. Compile it under your OS, and you'll get a file to use with the opensc-tools (libgtop11dotnet.so).
This file is needed to interact with the smartcard (to create keys, store certificates, etc.)

e.g.
pkcs11-tool --module=/usr/lib/libgtop11dotnet.so --keypairgen --key-type rsa:2048 -l --id 001 --label 001


However I doubt you will need this file under Linux.
You'll also need the IDPrime .NET under Windows if you want this latter to recognize your smartcard.

Cheers


Re: PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

Florent Deybach


> Hello
>
>> I would like to be able to use my Gemalto IDPrime .NET (
>> http://www.gemalto.com/products/dotnet_card/ ) card to login to a Windows
>> Server from my Linux laptops.
>
> What will you use to do that? rdesktop? freerdp?

I answer myself: with rdesktop you'll have to use the smartcard redirection.

e.g.
rdesktop -d AC -k fr -z -a 16 -u login windows_server -r scard

I've tested it with Windows 2008R2 but I was unable to make it work with W2012...

In my opinion you don't need the PKCS11 drivers on Linux but Windows will need the smartcard drivers.

Good luck, keep us updated if you managed to do something

Re: PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

Steven D Brown
Admittedly I should have included more details.

Through RDesktop the Windows Server 2008 machine can see the card reader
and it knows if there is a card inserted or not.

When the card is inserted, it says No valid certificates found.

If I use a Virtual Box with the card reader redirected into the VM instance
of Windows 7 and use mstsc it works as expected.

The card reader seems to be fully supported under pcsclite, the card itself
seems to be the problem.

If I don't need this Gemalto library, how can I get this card supported
under OpenSC so I can use it via RDesktop?

Steven Brown, Support Consultant
ISM Canada  An IBM Global Services Company
1 Research Drive, Regina, Saskatchewan, Canada,S4S7H1
Mail:  [hidden email]
Direct: 1.306.337.5620


                                                                                                                                   
  From:       Florent Deybach <[hidden email]>
  To:         Steven D Brown/CanWest/IBM@IBMCA,
  Cc:         [hidden email]
  Date:       2013/08/09 02:23 AM
  Subject:    Re: [Opensc-devel] PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard
                                                                                                                                   







Re: PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

Florent Deybach
If you can login with the windows mstsc program then you should have a more specific look on what you're using on your Linux machine.

What is the output of the pcsc_scan command? (if you have the package pcsc-tools installed)

What version of rdesktop do you use?
What version of pcsclite do you use?

Again, I don't think you need the PKCS11 drivers on your Linux. You just redirect the smartcard through RDP thanks to libpcsclite.

If you compile rdesktop yourself, you can get a more verbose output by compiling it with --with-debug-smartcard.

But if you go that way, I suggest you use the rdesktop-users mailing list.


Re: PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

Florent Deybach
Sorry, just saw you mentioned the version details in your first mail.

Maybe you could try the new version of rdesktop (1.8.1) which was just released today.
Compile it yourself with debugging options.

Still, if it doesn't work for you I still suggest you ask someone on the rdesktop mailing list.

Cheers


Re: PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

Douglas E. Engert
In reply to this post by Steven D Brown


On 8/8/2013 5:16 PM, Steven D Brown wrote:

>
> Hello Folks,
>
> This is my first post here, I did some searches of the mailing list via
> Google but didn't see anything relevant.
>
> I have the following setup:
>
> RedHat 6.4 / Ubuntu 12.xx laptops
> Rdesktop 1.7.1
> PCSClite 1.8.5
>
> Gemalto Reader as shown here:
> http://pcsclite.alioth.debian.org/ccid/supported.html#0x08E60x3437  ,
> although it is a USB model
>
> I would like to be able to use my Gemalto IDPrime .NET (
> http://www.gemalto.com/products/dotnet_card/ ) card to login to a Windows
> Server from my Linux laptops.

What version of the windows server?

>
>
> I have spent the past week or so speaking to Dr Rousseau about PCSClite and
> he says that the Windows server is asking for some attributes that PCSC is
> currently unequipped to handle on these cards.    Because this is a
> self-motivated project within my department, I am unable to fund a massive
> research project to sort this out.
>
> I was hoping maybe someone here could help me.    I have received a ZIP
> file from Gemalto which contains their PKCS11 Library for use with these
> cards.
>

Just tested from: Ubuntu 12.10 using:

  Rdesktop 1.7.1
  PCSClite 1.8.5

  SCM 355 reader
  U.S. Gov issued PIV smart card to Windows 7 using:

  rdesktop -r scard hostname

This works, and Windows 7 logs me in to the Windows Domain,
as if I was at the console.

Note that neither OpenSC nor PKCS#11 is involved.

The Windows 7 built-in minidriver sends APDU commands to pcscd
on Ubuntu, and responses are returned.

As Dr Rousseau must have indicated, it sounds like the Gemalto software
on the Windows side is sending some commands over to rdesktop to be sent
to pcscd that it cannot handle.

Have you gotten a pcscd trace?
  /usr/sbin/pcscd -f -a -d > some.output.file

> Would someone here be willing to work with me to make these cards
> compatible with PCSC / OpenSC / OpenCT / Whatever?

For use with Windows via rdesktop, it sounds like you need a
minidriver on Windows and no changes on the unix side.
But Gemalto (or Windows .NET) provided you with one.

It may be that the windows server is old, can you try
doing a rdesktop to a Windows 7 or Windows 8?

It could also be that the .NET card is sending commands to
pcscd that rdesktop or pcscd can not handle.

Does a PCSCD trace show what is failing?

>
> Is it possible?

Yes, but it sounds like the Gemalto driver should work,
if run on a new enough Windows server.

>
> Steven Brown, Support Consultant
> ISM Canada  An IBM Global Services Company
> 1 Research Drive, Regina, Saskatchewan, Canada,S4S7H1
> Mail:  [hidden email]
> Direct: 1.306.337.5620

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
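
Added example, not part of the thread or of any poster's message: one way to read a pcscd trace captured with -f -a -d as asked for above. It lists the command/response pairs whose status word is not a success code, and masks the PIN bytes of ISO 7816-4 VERIFY-type commands before a trace is shared on a public list. The trace lines are constructed and assume pcscd's "APDU:" / "SW:" line prefixes; the function names are hypothetical, and vendor-specific commands that carry a PIN in another form are not covered.

```python
import re

# Constructed sample shaped like `pcscd -f -a -d` output (assumption: each
# exchange is logged as an "APDU:" line followed by an "SW:" line whose last
# two bytes are the status word). Byte values are illustrative, not a capture.
SAMPLE_TRACE = """\
00000000 pcscd started in debug mode (constructed line)
00000120 APDU: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
00000450 SW: 90 00
00000210 APDU: 00 20 00 80 08 31 32 33 34 35 36 FF FF
00000390 SW: 90 00
00000102 APDU: 80 CA 9F 7F 00
00000275 SW: 6D 00
00000087 APDU: 00 CB 3F FF 05 5C 03 5F C1 05 00
00000299 SW: 6A 82
00000050 APDU: 00 A4 00 00 02 3F 00
"""

LINE = re.compile(r"^\s*\d+\s+(APDU|SW):\s*((?:[0-9A-Fa-f]{2}\s*)+)$")

# ISO 7816-4 status words that usually explain a failed logon attempt.
SW_MEANING = {
    0x6982: "security status not satisfied",
    0x6A82: "file or application not found",
    0x6A86: "incorrect P1/P2",
    0x6D00: "instruction (INS) not supported",
    0x6E00: "class (CLA) not supported",
}

# INS bytes whose data field carries a PIN or PUK:
# VERIFY, CHANGE REFERENCE DATA, RESET RETRY COUNTER.
PIN_INS = {0x20, 0x24, 0x2C}


def parse_trace(text):
    """Pair each APDU line with the SW line that follows it (None if absent)."""
    exchanges, pending = [], None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # daemon chatter, reader events, etc.
        data = bytes.fromhex("".join(m.group(2).split()))
        if m.group(1) == "APDU":
            if pending is not None:          # previous command never answered
                exchanges.append((pending, None))
            pending = data
        elif pending is not None:
            exchanges.append((pending, data))
            pending = None
    if pending is not None:
        exchanges.append((pending, None))
    return exchanges


def describe(sw):
    if sw is None:
        return "no response logged"
    if sw & 0xFFF0 == 0x63C0:
        return "verification failed, %d tries left" % (sw & 0x0F)
    return SW_MEANING.get(sw, "unrecognised status word")


def failures(exchanges):
    """Return (command header, status word, meaning) for non-successful pairs.

    Only CLA INS P1 P2 is reported, so command data never reaches the report.
    """
    rows = []
    for apdu, resp in exchanges:
        sw = int.from_bytes(resp[-2:], "big") if resp and len(resp) >= 2 else None
        if sw == 0x9000 or (sw is not None and sw >> 8 == 0x61):
            continue  # success, or success with more data to fetch
        header = " ".join("%02X" % b for b in apdu[:4])
        rows.append((header, "%04X" % sw if sw is not None else None, describe(sw)))
    return rows


def redact(text):
    """Mask the data field of PIN-bearing short APDUs; run analysis first."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(1) == "APDU":
            b = bytes.fromhex("".join(m.group(2).split()))
            if len(b) > 5 and b[1] in PIN_INS:
                kept = " ".join("%02X" % x for x in b[:5])
                masked = " ".join(["XX"] * (len(b) - 5))
                line = line[:m.start(2)] + kept + " " + masked
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    for header, sw, meaning in failures(parse_trace(SAMPLE_TRACE)):
        print(header, sw, meaning)
    print(redact(SAMPLE_TRACE))
```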

Re: PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

Steven D Brown
We are trying to login to a Windows 2008 R2 machine.

I have sent many traces to Dr Rousseau, did you want me to capture one and
post it here?

Gemalto provided me with an implementation of PKCS11 which others have
indicated I should not need.



Steven Brown, Support Consultant
ISM Canada  An IBM Global Services Company
1 Research Drive, Regina, Saskatchewan, Canada,S4S7H1
Mail:  [hidden email]
Direct: 1.306.337.5620


                                                                                                                                   
  From:       "Douglas E. Engert" <[hidden email]>
  To:         [hidden email],
  Date:       2013/08/12 09:57 AM
  Subject:    Re: [Opensc-devel] PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard
                                                                                                                                   







Re: PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

Douglas E. Engert
In reply to this post by Douglas E. Engert
And some other things to try:

Gemalto has a number of debugging tools.
Can you login to the Windows server using user/password
from a Windows 7 using RDC and see if their debugging utilities
work as expected over RDC?

Then try again from a Ubuntu client using rdesktop and see if the
debugging utilities work from there.

As others have said, it could be that rdesktop and/or pcscd are not
supporting some features of the .NET cards, or
  http://msdn.microsoft.com/en-us/windows/hardware/gg487500.aspx



--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

Re: PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

Florent Deybach
In reply to this post by Steven D Brown

> Gemalto provided me with an implementation of PKCS11 which others have
> indicated I should not need.

Yes, you need a Minidriver for Windows, not a PKCS11 library:
http://www.gemalto.com/products/dotnet_card/resources/libraries.html

 


Re: PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

Douglas E. Engert
In reply to this post by Steven D Brown


On 8/12/2013 11:19 AM, Steven D Brown wrote:
> We are trying to login to a Windows 2008 R2 machine.
>
> I have sent many traces to Dr Rousseau, did you want me to capture one and
> post it here?

Not really.

If Dr Rousseau looked at your traces, and said it was sending
commands pcscd does not support, then pcscd does not support them.
It might be possible to get it to support them if one can find the
Microsoft documentation on what these commands are expected to do.
This might mean changes to rdesktop too.


http://technet.microsoft.com/en-us/library/ff404286(WS.10).aspx

>
> Gemalto provided me with an implementation of PKCS11 which others have
> indicated I should not need.

Correct. It looks like it would have no use in trying to use rdesktop
to login to Windows.

But you could use it on Linux with FireFox, Thunderbird or Kerberos PKINIT.

>
>
>
> Steven Brown, Support Consultant
> ISM Canada  An IBM Global Services Company
> 1 Research Drive, Regina, Saskatchewan, Canada,S4S7H1
> Mail:  [hidden email]
> Direct: 1.306.337.5620
>
>
>
> From: "Douglas E. Engert" <[hidden email]>
> To: [hidden email]
> Date: 2013/08/12 09:57 AM
> Subject: Re: [Opensc-devel] PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard
>
> On 8/8/2013 5:16 PM, Steven D Brown wrote:
>>
>> Hello Folks,
>>
>> This is my first post here, I did some searches of the mailing list via
>> Google but didn't see anything relevant.
>>
>> I have the following setup:
>>
>> RedHat 6.4 / Ubuntu 12.xx laptops
>> Rdesktop 1.7.1
>> PSCSlite 1.8.5
>>
>> Gemalto Reader as shown here:
>> http://pcsclite.alioth.debian.org/ccid/supported.html#0x08E60x3437  ,
>> although it is a USB model
>>
>> I would like to be able to use my Gemalto IDPrime .NET (
>> http://www.gemalto.com/products/dotnet_card/ ) card to login to a Windows
>> Server from my Linux laptops.
>
> What version of the windows server?
>
>>
>>
>> I have spent the past week or so speaking to Dr Rousseau about PCSClite and
>> he says that the Windows server is asking for some attributes that PCSC is
>> currently unequipped to handle on these cards.    Because this is a
>> self-motivated project within my department, I am unable to fund a massive
>> research project to sort this out.
>>
>> I was hoping maybe someone here could help me.    I have received a ZIP
>> file from Gemalto which contains their PKCS11 Library for use with these
>> cards.
>>
>
> Just tested from: Ubuntu 12.10 using:
>
>    Rdesktop 1.7.1
>    PSCSlite 1.8.5
>
>    SCM 355 reader
>    U.S. Gov issued PIV smart card to Windows 7 using:
>
>    rdesktop -r scard hostname
>
> This works, and Windows 7 logs me in to the Windows Domain,
> as if I was at the console.
>
> Note that neither OpenSC nor PKCS#11 is involved.
>
> The Windows 7 built-in minidriver driver sends APDU commands to pcscd
> on ubuntu, and responses are returned.
>
> As Dr Rousseau must have indicated, It sounds like the GemAlto software
> on the Windows side is sending some commands over to rdesktop to be sent
> to pcscd that it can not handle.
>
> Have you gotten a pcscd trace?
>    /usr/sbin/pcscd -f -a -d > some.output.file
>
>> Would someone here be willing to work with me to make these cards
>> compatible with PSCS / OpenSC / OpenCT / Whatever?
>
> For use with Windows via rdesktop, it sounds like you need a
> minidriver on Windows and no changes on the unix side.
> But GemAlto (or Windows .NET) provided you with one.
>
> It may be that the windows server is old, can you try
> doing a rdesktop to a Windows 7 or Windows 8?
>
> It could also be that the .NET card is sending commands to
> pcscd that rdesktop or pcscd can not handle.
>
> Does a PCSCD trace show what is failing?
>
>>
>> Is it possible?
>
> Yes, but it sounds like the GemAlto driver should work,
> if run on a new enough Windows server.
>
>>
>> Steven Brown, Support Consultant
>> ISM Canada  An IBM Global Services Company
>> 1 Research Drive, Regina, Saskatchewan, Canada,S4S7H1
>> Mail:  [hidden email]
>> Direct: 1.306.337.5620
>>
>>
>>
>>
>
> --
>
>    Douglas E. Engert  <[hidden email]>
>    Argonne National Laboratory
>    9700 South Cass Avenue
>    Argonne, Illinois  60439
>    (630) 252-5444
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
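
An added example, not part of the original message: one way to answer "Does a PCSCD trace show what is failing?" is to pair each command APDU in the output of `/usr/sbin/pcscd -f -a -d` with its response and list those that did not end in a success status word. It assumes the trace logs commands as `APDU: <hex bytes>` and responses as `SW: <hex bytes>` with the status word in the last two bytes; the function names and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout assumed for "pcscd -f -a -d" output:
# "<timestamp> APDU: <command bytes>" then "<timestamp> SW: <response bytes>".
sample_trace() {
    cat <<'EOF'
00000000 (constructed non-APDU debug line, ignored by the filter)
00000012 APDU: 00 A4 04 00 05 A0 00 00 00 01
00021500 SW: 61 08
00000030 APDU: 00 C0 00 00 08
00018000 SW: 4F 06 00 00 10 00 01 00 90 00
00000025 APDU: 00 CB 3F FF 05 5C 03 5F C1 02 00
00019500 SW: 6A 82
EOF
}

# Print each command APDU whose response did not end in a success status word.
# Reads the trace from the named file(s), or from stdin when none is given.
failed_apdus() {
    awk '
        /APDU: / {
            sub(/^.*APDU: /, "")      # drop timestamp and label
            sub(/[ \t]+$/, "")        # drop trailing whitespace
            cmd = $0
            next
        }
        /SW: / {
            sub(/^.*SW: /, "")
            n = split($0, b, " ")
            if (n < 2) next           # too short to hold SW1 SW2
            sw1 = toupper(b[n - 1]); sw2 = toupper(b[n])
            # 90 00 = success; 61 xx = success, more response bytes available
            if ((sw1 == "90" && sw2 == "00") || sw1 == "61") next
            printf "SW=%s%s APDU=%s\n", sw1, sw2, cmd
        }
    ' "$@"
}

sample_trace | failed_apdus
```

Against a real capture, call `failed_apdus some.output.file`; a status word such as 6A 82 (file or application not found in ISO 7816-4) points at the command the card rejected.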
