Another check is, after you do a "utrestart -c", check /var/opt/SUNWut/log/messages for evidence that the card configs are being read. You may have to increase the logging level.
-----Original Message----- From: Nishimura, Scott L (ESS) Sent: Thursday, January 19, 2012 9:15 AM To: 'SunRay-Users mailing list' Subject: Re: [SunRay-Users] SRSS 5.2.3 and Smart CardAuthentication (UNCLASSIFIED) Also, after you do the "utcard -a", do a "utcard -l" and make sure your card is listed. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Craig Bender Sent: Wednesday, January 18, 2012 11:22 PM To: SunRay-Users mailing list Subject: EXT :Re: [SunRay-Users] SRSS 5.2.3 and Smart CardAuthentication (UNCLASSIFIED) Hi, Did you then configure the card type for use with utcard -a <filename.cfg>? On Jan 18, 2012, at 10:53 PM, "Kissler, James M CTR (US)" <[email protected]> wrote: > Classification: UNCLASSIFIED > Caveats: FOUO//PROTECTED BY PRIVACY ACT > > I copied all files in /etc/opt/SUNWut/smartcard/ to my new install. > Unfortunately, I am having the same issue (error 63) using Oberthur One v5.5 > smart cards. Once again, I am running Solaris 10 patched to current with > SRSS 5.2.5. In the authentication log, I do have instances of the following > entry, checked against the Oberthur cards. > > --------------------------------------------------------- > Trying OberthurCS > Unable to determine ID for OberthurCS > Trying JavaBadge/CommonAccessCard > Unable to determine ID for JavaBadge/CommonAccessCard > Trying ActivCardGoldJavaCard > Unable to determine ID for ActivCardGoldJavaCard > Trying JavaBadge-Citibank > Unable to determine ID for JavaBadge-Citibank > Trying Belgian-eID > Unable to determine ID for Belgian-eID > Trying MicroPayflex/Payflex (Generic Names) > Property [9000] not found (caught) > Unable to determine ID for MicroPayflex/Payflex > Trying GEMALTOdotNet > Unable to determine ID for GEMALTOdotNet > Trying Cyberflex_Access > Unable to determine ID for Cyberflex_Access > Trying CyberflexAccessDeveloper32K > Unable to determine ID for CyberflexAccessDeveloper32K > Trying GemXpresso > Unable to determine ID for GemXpresso > Trying JCOP31 > Error accessing JCOP31 > Trying OpenPlatform > Unable to determine ID for OpenPlatform > Trying ActivCardGold > Unable to determine ID for ActivCardGold > Trying GEMPLUS-MPCOS > Unable to determine ID for GEMPLUS-MPCOS > Trying GEMPLUS-MPCOS-3DES > Property [3bdb] not found (caught) > Unable to determine ID for GEMPLUS-MPCOS-3DES > Trying GEMPLUS-GPK4000-GPK8000 > Unable to determine ID for GEMPLUS-GPK4000-GPK8000 > Trying GEMPLUS-GPK > Unable to determine ID for GEMPLUS-GPK > Trying PKCS15 > Unable to determine ID for PKCS15 > Trying SpanishUniversity-TIBC > Unable to determine ID for SpanishUniversity-TIBC > Trying GD-SMARTCAFE > Unable to determine ID for GD-SMARTCAFE > Trying GD-STARCOS > Unable to determine ID for GD-STARCOS > Trying FengChiaUniversity > Unable to determine ID for FengChiaUniversity > Unable to determine ID for Bull-CP8 > Trying Cryptoflex > Unable to determine ID for Cryptoflex > Trying IBM-JCOP21id > Property [0031c064b0f31000079000] not found (caught) > Unable to determine ID for IBM-JCOP21id > Trying mondex MM2 > Error accessing mondex MM2 > Trying Mondex UNU > Unable to determine ID for Mondex > Trying GEMPLUS-GemClub-Memo > Unable to determine ID for GEMPLUS-GemClub-Memo > > Card was not identified - following is some card information: > ATR: 3bdb9600801f030031c064b0f3100007900080 length: 13 > ATR history: 0031c064b0f31000079000 length: b > Property [dtu.id] not found (caught) > Unable to get DTU id property: dtu.id > Property [dtu.type] not found (caught) > Unable to get DTU type property: dtu.type > ---------------------------------------------------------------------------- > -- > > Any help would be greatly appreciated. Perhaps I have something configured > incorrectly? > > James M. Kissler (Mike) > Contractor, WTA > HHC, 2-13 Avn Regt, 1st Avn Bde > W: 520-538-1792 > DSN 821-1792 > [email protected] > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Fuerle, Thomas > Sent: Monday, January 16, 2012 2:22 PM > To: SunRay-Users mailing list > Subject: Re: [SunRay-Users] SRSS 5.2.3 and Smart Card Authentication > (UNCLASSIFIED) > > Hi James, > > > > error 63 means, that the driver for your oberthur cards is missing > > > > 1.) Do you have the right driver in /etc/opt/SUNWut/smartcard for these > cards > > 2.) Is the driver registered in probe_order.conf or (this is what I use) > in your web config kiosk – advanced – card probe order ... > > > > an update mostly overwrites here, so I do always a backup of this directory > before I update and restore it afterwards, then a utstart –c and you should > be back in place. > > > > thomas > > > > Von: [email protected] > [mailto:[email protected]] Im Auftrag von James Kissler > Gesendet: Montag, 16. Jänner 2012 18:23 > An: SunRay-Users mailing list > Betreff: Re: [SunRay-Users] SRSS 5.2.3 and Smart Card Authentication > (UNCLASSIFIED) > > > > After updating to SRSS 5.2.5, smart card authentication seems to be working > again. HOWEVER, I am not experiencing an old problem. Back in June of '11 > I had problems with the new smart cards my client started using. These > cards were the Oberthur One V5.5; my users were getting an error 63 on the > sunray. After an update, these cards began functioning. Post install of > 5.2.5, these same cards are now receiving an error 63. Is this a known > issue (I have not found documentation to that affect) with PCSC-Lite 1.4? > > For now, I will reactivate my 5.2.1 server, until I come to a resolution. > > Thank you for your assistance, > > James Kissler > > On Thu, Jan 12, 2012 at 3:27 PM, Nishimura, Scott L (ESS) > <[email protected]> wrote: > > Do you have a customized .cfg file in /etc/opt/SUNWut/smartcard? Maybe that > was lost when the server was rebuilt? > > > > I’m using SUNWpcsc 1.2_06 [admittedly out of date]. > > > > Are you seeing any errors in /var/opt/SUNWut/log/? > > > > When you do a “utrestart –c”, do you see smart card definitions getting > loaded in /var/opt/SUNWut/log/messages? > > > > Does “utcard –l” show your desired card? > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of James Kissler > Sent: Thursday, January 12, 2012 11:13 AM > To: SunRay-Users mailing list > Subject: EXT :Re: [SunRay-Users] SRSS 5.2.3 and Smart Card Authentication > (UNCLASSIFIED) > > > > Scott, this server was working previously. It was setup in failover with > another server. I had a multitude of issues a series of updates I did last > week. I decided it would take less time to rebuild the server, than fix the > issue. I took the primary offline to rebuild; the secondary took over (it > is still working). PC/SC Lite (SUNWpcsc and SUNWpcscdtu) is installed by > default w/ the 5.2.x installation. The only thing not included is the > package for external readers, which I do not use. I guess I will try > removing the default PCSC Lite installation and reinstalling with 1.3, which > worked previous to 5.2.x. > > If I recall correctly, I was in contact with you back in 2010 because we had > the same issue with the newer smart cards that were released. > > Hopefully I will get this fixed soon. Having no failover, at the moment, > makes me a bit nervous. > > James > > On Thu, Jan 12, 2012 at 11:53 AM, Nishimura, Scott L (ESS) > <[email protected]> wrote: > > Mike, > > Did this feature ever work or are you trying to add a feature? > > I had a heck of a time getting my particular smartcard to work: > > ActivClient software on the WTS had to be a certain level I needed a custom > .cfg file in /etc/opt/SUNWut/smartcard/ I had to activate it with "utcard > -a" > I had to get a fix from Oracle [which hopefully got rolled in to the main > distro; this was back in 2010] I had to uninstall the default pcsc packages > and install more current ones > > Bottom line: there is no way I could have gotten this to work without > opening a case with Oracle. Hopefully you have a simpler case. > > > Scott > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Kissler, James M CTR > (US) > Sent: Thursday, January 12, 2012 10:32 AM > To: [email protected] > Subject: EXT :[SunRay-Users] SRSS 5.2.3 and Smart Card Authentication > (UNCLASSIFIED) > > Classification: UNCLASSIFIED > Caveats: FOUO//PROTECTED BY PRIVACY ACT > > I recently rebuilt a Sol 10 server and updated. Then installed SRSS 5.2.3 > and configured. The system is running well, with one problem; smart card > redirection does not seem to be working. Inserting a smart card does present > me with a uttsc kiosk session then a 2008 terminal services session... but > no smart credentials. > > my current kiosk arguments are: > > -t 1800 -- -b -m -r scard:on 150.180.228.24 > > Might anyone provide some insight as to what direction I can take to get > this resolved? > > Thank You > > James M. Kissler (Mike) > Contractor, WTA > HHC, 2-13 Avn Regt, 1st Avn Bde > W: 520-538-1792 > DSN 821-1792 > [email protected] > > > Classification: UNCLASSIFIED > Caveats: FOUO//PROTECTED BY PRIVACY ACT > > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users > > > > > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users > > > > > Classification: UNCLASSIFIED > Caveats: FOUO//PROTECTED BY PRIVACY ACT > > > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
