Thank you Sean for sharing the NGINX-based smart card authentication solution.
I'm interested in implementing this NGINX configuration with Guacamole. A few questions: 1. Does this configuration require specific smart card middleware or drivers on the NGINX server? 2. Will the smart card certificates need to be periodically updated in the NGINX configuration? 3. Is there a recommended way to test the configuration before production deployment? Best regards, Bhupender On Thu, Jan 23, 2025 at 1:21 PM Bhupender <[email protected]> wrote: > Dear Support Team, > > I hope this email finds you well. I am encountering issues with smart card > integration in our Guacamole deployment and would appreciate your > assistance. > > *Environment Details:* > > - *Guacamole Version:* 1.5.4 > - *OS:* Ubuntu 22.04 > - *Smart Card Reader:* ACS ACR39U ICC Reader > - *Card Type:* Siemens SLE 4432/42 > - *FreeRDP Version:* 2.6.1 > > *Key Issue:* > > Smart card authentication works with direct xfreerdp connections but *fails > when connecting through Guacamole*. The smart card reader is detected at > system level but not being redirected through the Guacamole connection. > > *Working Configuration:* > > bash > Copy > # Direct xfreerdp connection (WORKING): > xfreerdp /v:<RDP-SERVER>:<PORT> /u:<USERNAME> /smartcard > > *Current Implementation:* > > 1. *Guacamole Properties:* > > properties > Copy > rdp.security: nlardp.enable-smartcard: truerdp.smartcard-readers: ACS > ACR39U ICC Reader 00 00rdp.enable-drive: truerdp.create-drive-path: > truerdp.ignore-cert: true > > > *Steps Completed:* > > 1. ✅ Recompiled guacamole-server with smart card support: > > bash > Copy > CFLAGS="-I/usr/include/PCSC -I/usr/include/freerdp2 > -DFREERDP_SMARTCARD_EMULATE=1"LDFLAGS="-lpcsclite -lfreerdp2" > > 2. ✅ Installed all required dependencies > 3. ✅ Configured proper system permissions > 4. ✅ Verified smart card detection > 5. ✅ Tested multiple connection configurations > > *Current Status:* > > - ✅ System properly detects smart card reader > - ✅ Direct xfreerdp connections work > - ❌ Guacamole fails to redirect smart card > - ❌ Basic RDP connectivity affected after changes > > *Critical Questions:* > > 1. *Configuration:* Are there specific parameters we're missing? > 2. *Debugging:* What are the recommended steps to identify the > redirection issue? > 3. *Logging:* Is there additional logging we can enable for smart card > handling? > > *Relevant Logs:* > > Copy > Jan 22 12:49:17 guacd[xxxx]: Security mode: NLA > Jan 22 12:49:37 guacd[xxxx]: Connected to RDPDR 1.13 as client 0x0017 > Jan 22 12:49:38 guacd[xxxx]: RDPDR user logged on > > *Additional Information:* > > - Smart card is detected by pcsc_scan > - All system services are running > - Proper permissions are set for guacd user > > I can provide any additional technical details or logs if needed. Your > guidance on resolving this issue would be greatly appreciated. > > Thank you for your time and assistance. > > Best regards, > Bhupender >
