Classification: UNCLASSIFIED Caveats: FOUO//PROTECTED BY PRIVACY ACT I copied all files in /etc/opt/SUNWut/smartcard/ to my new install. Unfortunately, I am having the same issue (error 63) using Oberthur One v5.5 smart cards. Once again, I am running Solaris 10 patched to current with SRSS 5.2.5. In the authentication log, I do have instances of the following entry, checked against the Oberthur cards.
---------------------------------------------------------
Trying OberthurCS
Unable to determine ID for OberthurCS
Trying JavaBadge/CommonAccessCard
Unable to determine ID for JavaBadge/CommonAccessCard
Trying ActivCardGoldJavaCard
Unable to determine ID for ActivCardGoldJavaCard
Trying JavaBadge-Citibank
Unable to determine ID for JavaBadge-Citibank
Trying Belgian-eID
Unable to determine ID for Belgian-eID
Trying MicroPayflex/Payflex (Generic Names)
Property [9000] not found (caught)
Unable to determine ID for MicroPayflex/Payflex
Trying GEMALTOdotNet
Unable to determine ID for GEMALTOdotNet
Trying Cyberflex_Access
Unable to determine ID for Cyberflex_Access
Trying CyberflexAccessDeveloper32K
Unable to determine ID for CyberflexAccessDeveloper32K
Trying GemXpresso
Unable to determine ID for GemXpresso
Trying JCOP31
Error accessing JCOP31
Trying OpenPlatform
Unable to determine ID for OpenPlatform
Trying ActivCardGold
Unable to determine ID for ActivCardGold
Trying GEMPLUS-MPCOS
Unable to determine ID for GEMPLUS-MPCOS
Trying GEMPLUS-MPCOS-3DES
Property [3bdb] not found (caught)
Unable to determine ID for GEMPLUS-MPCOS-3DES
Trying GEMPLUS-GPK4000-GPK8000
Unable to determine ID for GEMPLUS-GPK4000-GPK8000
Trying GEMPLUS-GPK
Unable to determine ID for GEMPLUS-GPK
Trying PKCS15
Unable to determine ID for PKCS15
Trying SpanishUniversity-TIBC
Unable to determine ID for SpanishUniversity-TIBC
Trying GD-SMARTCAFE
Unable to determine ID for GD-SMARTCAFE
Trying GD-STARCOS
Unable to determine ID for GD-STARCOS
Trying FengChiaUniversity
Unable to determine ID for FengChiaUniversity
Unable to determine ID for Bull-CP8
Trying Cryptoflex
Unable to determine ID for Cryptoflex
Trying IBM-JCOP21id
Property [0031c064b0f31000079000] not found (caught)
Unable to determine ID for IBM-JCOP21id
Trying mondex MM2
Error accessing mondex MM2
Trying Mondex UNU
Unable to determine ID for Mondex
Trying GEMPLUS-GemClub-Memo
Unable to determine ID for GEMPLUS-GemClub-Memo
Card was not identified - following is some card information:
ATR: 3bdb9600801f030031c064b0f3100007900080 length: 13
ATR history: 0031c064b0f31000079000 length: b
Property [dtu.id] not found (caught)
Unable to get DTU id property: dtu.id
Property [dtu.type] not found (caught)
Unable to get DTU type property: dtu.type
----------------------------------------------------------------------------
--
Any help would be greatly appreciated. Perhaps I have something configured
incorrectly?
James M. Kissler (Mike)
Contractor, WTA
HHC, 2-13 Avn Regt, 1st Avn Bde
W: 520-538-1792
DSN 821-1792
[email protected]
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Fuerle, Thomas
Sent: Monday, January 16, 2012 2:22 PM
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] SRSS 5.2.3 and Smart Card Authentication
(UNCLASSIFIED)
Hi James,
error 63 means, that the driver for your oberthur cards is missing
1.) Do you have the right driver in /etc/opt/SUNWut/smartcard for these
cards
2.) Is the driver registered in probe_order.conf or (this is what I use)
in your web config kiosk advanced card probe order ...
an update mostly overwrites here, so I do always a backup of this directory
before I update and restore it afterwards, then a utstart c and you should
be back in place.
thomas
Von: [email protected]
[mailto:[email protected]] Im Auftrag von James Kissler
Gesendet: Montag, 16. Jänner 2012 18:23
An: SunRay-Users mailing list
Betreff: Re: [SunRay-Users] SRSS 5.2.3 and Smart Card Authentication
(UNCLASSIFIED)
After updating to SRSS 5.2.5, smart card authentication seems to be working
again. HOWEVER, I am not experiencing an old problem. Back in June of '11
I had problems with the new smart cards my client started using. These
cards were the Oberthur One V5.5; my users were getting an error 63 on the
sunray. After an update, these cards began functioning. Post install of
5.2.5, these same cards are now receiving an error 63. Is this a known
issue (I have not found documentation to that affect) with PCSC-Lite 1.4?
For now, I will reactivate my 5.2.1 server, until I come to a resolution.
Thank you for your assistance,
James Kissler
On Thu, Jan 12, 2012 at 3:27 PM, Nishimura, Scott L (ESS)
<[email protected]> wrote:
Do you have a customized .cfg file in /etc/opt/SUNWut/smartcard? Maybe that
was lost when the server was rebuilt?
Im using SUNWpcsc 1.2_06 [admittedly out of date].
Are you seeing any errors in /var/opt/SUNWut/log/?
When you do a utrestart c, do you see smart card definitions getting
loaded in /var/opt/SUNWut/log/messages?
Does utcard l show your desired card?
From: [email protected]
[mailto:[email protected]] On Behalf Of James Kissler
Sent: Thursday, January 12, 2012 11:13 AM
To: SunRay-Users mailing list
Subject: EXT :Re: [SunRay-Users] SRSS 5.2.3 and Smart Card Authentication
(UNCLASSIFIED)
Scott, this server was working previously. It was setup in failover with
another server. I had a multitude of issues a series of updates I did last
week. I decided it would take less time to rebuild the server, than fix the
issue. I took the primary offline to rebuild; the secondary took over (it
is still working). PC/SC Lite (SUNWpcsc and SUNWpcscdtu) is installed by
default w/ the 5.2.x installation. The only thing not included is the
package for external readers, which I do not use. I guess I will try
removing the default PCSC Lite installation and reinstalling with 1.3, which
worked previous to 5.2.x.
If I recall correctly, I was in contact with you back in 2010 because we had
the same issue with the newer smart cards that were released.
Hopefully I will get this fixed soon. Having no failover, at the moment,
makes me a bit nervous.
James
On Thu, Jan 12, 2012 at 11:53 AM, Nishimura, Scott L (ESS)
<[email protected]> wrote:
Mike,
Did this feature ever work or are you trying to add a feature?
I had a heck of a time getting my particular smartcard to work:
ActivClient software on the WTS had to be a certain level I needed a custom
.cfg file in /etc/opt/SUNWut/smartcard/ I had to activate it with "utcard
-a"
I had to get a fix from Oracle [which hopefully got rolled in to the main
distro; this was back in 2010] I had to uninstall the default pcsc packages
and install more current ones
Bottom line: there is no way I could have gotten this to work without
opening a case with Oracle. Hopefully you have a simpler case.
Scott
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Kissler, James M CTR
(US)
Sent: Thursday, January 12, 2012 10:32 AM
To: [email protected]
Subject: EXT :[SunRay-Users] SRSS 5.2.3 and Smart Card Authentication
(UNCLASSIFIED)
Classification: UNCLASSIFIED
Caveats: FOUO//PROTECTED BY PRIVACY ACT
I recently rebuilt a Sol 10 server and updated. Then installed SRSS 5.2.3
and configured. The system is running well, with one problem; smart card
redirection does not seem to be working. Inserting a smart card does present
me with a uttsc kiosk session then a 2008 terminal services session... but
no smart credentials.
my current kiosk arguments are:
-t 1800 -- -b -m -r scard:on 150.180.228.24
Might anyone provide some insight as to what direction I can take to get
this resolved?
Thank You
James M. Kissler (Mike)
Contractor, WTA
HHC, 2-13 Avn Regt, 1st Avn Bde
W: 520-538-1792
DSN 821-1792
[email protected]
Classification: UNCLASSIFIED
Caveats: FOUO//PROTECTED BY PRIVACY ACT
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
Classification: UNCLASSIFIED
Caveats: FOUO//PROTECTED BY PRIVACY ACT
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
