Re: [Opensc-devel] PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

[Douglas E. E. <dee...@an...>]

And some other things to try:

Gem Alto has a number of debugging tools.
Can you login to the windows server using user/password
from a Windows 7 using RDC and see if their debugging utilities
work as expected over RDC.

Then try again from a Ubuntu client using rdesktop and see if the
debugging utilities work from there.

As others have said, it could be that rdesktop and/or pcscd are not
supporting some features of the .NET cards, or
  http://msdn.microsoft.com/en-us/windows/hardware/gg487500.aspx


On 8/12/2013 10:56 AM, Douglas E. Engert wrote:
>
>
> On 8/8/2013 5:16 PM, Steven D Brown wrote:
>>
>> Hello Folks,
>>
>> This is my first post here, I did some searches of the mailing list via
>> Google but didn't see anything relevant.
>>
>> I have the following setup:
>>
>> RedHat 6.4 / Ubuntu 12.xx laptops
>> Rdesktop 1.7.1
>> PSCSlite 1.8.5
>>
>> Gemalto Reader as shown here:
>> http://pcsclite.alioth.debian.org/ccid/supported.html#0x08E60x3437  ,
>> although it is a USB model
>>
>> I would like to be able to use my Gemalto IDPrime .NET (
>> http://www.gemalto.com/products/dotnet_card/ ) card to login to a Windows
>> Server from my Linux laptops.
>
> What version of the windows server?
>
>>
>>
>> I have spent the past week or so speaking to Dr Rousseau about PCSClite and
>> he says that the Windows server is asking for some attributes that PCSC is
>> currently unequipped to handle on these cards.    Because this is a
>> self-motivated project within my department, I am unable to fund a massive
>> research project to sort this out.
>>
>> I was hoping maybe someone here could help me.    I have received a ZIP
>> file from Gemalto which contains their PKCS11 Library for use with these
>> cards.
>>
>
> Just tested from: Ubuntu 12.10 using:
>
>    Rdesktop 1.7.1
>    PSCSlite 1.8.5
>
>    SCM 355 reader
>    U.S. Gov issued PIV smart card to Windows 7 using:
>
>    rdesktop -r scard hostname
>
> This works, and Windows 7 logs me in to the Windows Domain,
> as if I was at the console.
>
> Note that neither OpenSC or PKCS#11 is not involved.
>
> The Windows 7 built-in minidriver driver sends APDU commands to pcscd
> on ubuntu, and responses are returned.
>
> As Dr Rousseau must have indicated, It sounds like the GemAlto software
> on the Windows side is sending some commands over to rdesktop to be sent
> to pcscd that it can not handle.
>
> Have you gotten a pcscd trace?
>    /usr/sbin/pcscd -f -a -d > some.output.file
>
>> Would someone here be willing to work with me to make these cards
>> compatible with PSCS / OpenSC / OpenCT / Whatever?
>
> For use with Windows via rdesktop, it sounds like you need a
> minidriver on Windows and no changes on the unix side.
> But GemAlto (or Windows .NET) provided you with one.
>
> It may be that the windows server is old, can you try
> doing a rdesktop to a Windows 7 or Windows 8?
>
> It could also be that the .NET card is sending commands to
> pcscd that rdesktop or pcscd can not handle.
>
> Does a PCSCD trace show what is failing?
>
>>
>> Is it possible?
>
> Yes, but it sounds like the GemAlto driver should work,
> if run on a new enough Windows server.
>
>>
>> Steven Brown, Support Consultant
>> ISM Canada  An IBM Global Services Company
>> 1 Research Drive, Regina, Saskatchewan, Canada,S4S7H1
>> Mail:  sb...@ca...
>> Direct: 1.306.337.5620
>>
>>
>> ------------------------------------------------------------------------------
>> Get 100% visibility into Java/.NET code with AppDynamics Lite!
>> It's a free troubleshooting tool designed for production.
>> Get down to code-level detail for bottlenecks, with <2% overhead.
>> Download for free and get started troubleshooting in minutes.
>> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Opensc-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>
>

-- 

  Douglas E. Engert  <DEE...@an...>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444