For the past week I've been struggling with getting an Omnikey 5321 v2 CLi card reader working through rdesktop. My goal is to use the reader for authentication (using iClass contactless cards) through rdesktop on a thin client to a Windows 2008 R2 terminal server with smart card logon software installed.
As a proof of concept, I've set up an Ubuntu 12.04 LTS system with:
pcsc-lite 1.8.6 (compiled to use libusb, not libudev)
omnikey rfid smartcard drivers (ifdokrfid_lnx_i686-126.96.36.199)
The installation of all the above appeared to go smoothly. I can start the pcscd daemon with "-f -debug" and see it pick up the driver and card reader, and I can see the pcscd daemon acknowledge when I place and remove a card on the reader (and can see the card ATR).
However, when I try to rdesktop to my test 2008 R2 server, it seems as if the reader is not recognized at all. Placing the card on the reader doesn't log me in and if I log in with a username/password, the reader diagnostic utility I have installed on the 2008 R2 server doesn't show a reader connected.
I've tried with various command line options. I believe that I need to pass arguments to the -scard option which specify the card identifier on the Linux system first, and the Windows system second. So I tried this:
rdesktop -r scard:"OMNIKEY CardMan 5x21 CLi (OKCM0072604111903001423670252780) 00 00"="OMNIKEY 5321-CLi 0" servername
The identifier for the Linux system was obtained from the pcscd output. I obtained the identifier for the reader on the Windows system by connecting the card reader to a Windows 7 system and using Microsoft Remote Desktop to connect to my 2008 R2 server, and then used the reader diagnostic tool to view the identifier.
Does my general approach appear to be correct here? I could certainly send debug output if anyone would like for me to, but I wanted to get some background established first and see if anyone has comments.
The information transmitted (including attachments) is
covered by the Electronic Communications Privacy Act,
18 U.S.C. 2510-2521, is intended only for the person(s) or
entity/entities to which it is addressed and may contain
confidential and/or privileged material. Any review,
retransmission, dissemination or other use of, or taking
of any action in reliance upon, this information by persons
or entities other than the intended recipient(s) is prohibited.
If you received this in error, please contact the sender and
delete the material from any computer.