Questions tagged [smartcard]
A smartcard is a cryptographic device, an HSM of sorts, that is programmable and may be used for identification, authentication, private key storage, digital signatures, and other security functions.
69 questions
0 votes, 2 answers, 128 views
Managing passwords of many remote servers
I routinely log in to many remote servers through SSH. I use a public/private SSH key to log in without having to enter my password (https://linuxize.com/post/how-to-setup-passwordless-ssh-login/).
...
0 votes, 1 answer, 371 views
Windows Hello for Business: remove certificate from virtual smartcard
I've managed to add a certificate to Windows Hello for sign-in to RDP.
See: https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/rdp-sign-in?tabs=intune
However ...
0 votes, 0 answers, 462 views
Unblock virtual smart card
I've set up a virtual smart card by following this guide. It worked fine until someone locked out the virtual smart card and now it's blocked.
When I try to use it with the correct code to sign in to ...
0 votes, 1 answer, 2k views
"Signing in with a smart card isn't supported for your account"
We ran into an issue today where suddenly none of our users could log into their workstations using Smart Cards. The error occurred with a fresh logon or after a 'switch user' but not when logging on ...
1 vote, 0 answers, 537 views
Need help figuring out why I can log on to Windows with a revoked smartcard certificate
I am adding smart card login to our domain and have got almost everything working properly except that when I revoke the certificate on our Enterprise CA I can still log into computers.
I have checked ...
0 votes, 0 answers, 164 views
How to set file permissions if user logged on using Smart Card or Windows Hello for Business
I have a hybrid joined Windows domain and have set up log-on with Smart Cards and Windows Hello for business. I would like to be able to set file server permissions based on whether a user logged on ...
2 votes, 1 answer, 470 views
Exporting a PFX file for Smartcard authentication driver issues
I have an ACR122 Smartcard reader I am attempting to export a PFX certificate to for password-less authentication. I have everything set up on the active directory server, but am stuck on the simplest ...
0 votes, 1 answer, 2k views
Smart card reader not able to detect in remote host
I have a situation where Host A (USB smart card reader connected) is trying to RDP to Host B; however, Host B was not able to detect the smart card reader on Host A in the remote session.
Thing I have ...
1 vote, 1 answer, 192 views
How do I get my server HSM working while connected via RDP? (Win 2019)
The error I get from pkcs11-tool.exe is "No slots."
My server has a hardware security module (Nitrokey HSM 2) that becomes inaccessible once I connect to my server via Windows Remote Desktop....
0 votes, 0 answers, 1k views
Axway Desktop Validator
I have a Windows Server 2008 R2 set up, we recently updated our servers' personal certs and did a network reboot. Everything was fine for a few days until our weekly network reboot took place and from ...
0 votes, 1 answer, 2k views
Making (virtual) smartcard available to system service
I have a VM running Windows Server 2019 Datacenter Core, which is running a Jenkins build agent as a noninteractive service with its own local user account (.\build).
Now I'd like to add code signing. ...
-2 votes, 2 answers, 1k views
Active Directory 2 Factor Authentication with Smartcards
I need 2 Factor Authentication with Smartcards, so I want to log in with a Password and a Smartcard. I know that Smartcards have passwords, but my company doesn't like this solution. Is there a way to ...
0 votes, 0 answers, 3k views
Trying to create a Powershell script to connect to a server via smart card
Sorry if this is in the wrong community but it seemed the best.
My organization is trying to automate the commands that it has done manually before (Indexing computer storage, etc.). However, we use ...
0 votes, 1 answer, 286 views
RDP Credentials Manager hangs when NFC pad has been connected
I'm struggling with a problem with RDP in a local domain environment.
Everything usually works perfectly, and I can remote into any client or server within the domain. However, I'm working on a ...
1 vote, 1 answer, 1k views
Openssh and smart card
I'm trying to connect to a remote host using a smart card (the same I use to login on my system).
I extracted the rsa key from the smartcard:
$ ssh-keygen -D /usr/lib/opensc-pkcs11.so -e
ssh-rsa ...
1 vote, 1 answer, 3k views
Smartcard Authentication on Windows Domain Controller using Yubikey for Windows Login
I have a Yubikey 5 NFC and I am trying to configure it on a test bench for windows login authentication. I cannot seem to get the certificate to enroll on the Yubikey. I have followed the Yubikey ...
2 votes, 1 answer, 1k views
smart card for UAC only
I'm in the process of configuring USB Yubikeys as a smart card for our company so that staff can elevate to an admin account (added to the computer's local administrators group) by simply inserting ...
1 vote, 1 answer, 3k views
Use Smartcard Reader on Azure Remote Desktop
What I want to achieve:
Plug a Smartcard Reader on my Laptop
Connect to my private Azure VPN
Use Remote Desktop to access a Server using User and Password, with Intelligent Card option and USBs ...
3 votes, 1 answer, 157 views
Smart Card removal behavior and card renewal
My customer is planning to introduce new Policy regarding smart card removal in their Windows Environment, most probably session break since it's a Citrix environment. Microsoft documentation on the ...
1 vote, 0 answers, 120 views
How to allow a newly inserted user certificate with Apache 'SSLVerifyClient optional'?
My web users are able to optionally use a Smart Card Certificate to identify themselves via Firefox to my web server running Apache httpd 2.4.
For this I use SSLVerifyClient optional plus for speed ...
2 votes, 1 answer, 444 views
SSH with Yubikey and intermediate host
I'm on macOS with a Yubikey. The Yubikey's public key is added to ServerA and ServerB. I can connect to any server directly from macOS with the Yubikey plugged in.
Is it possible to SSH to ServerA and ...
0 votes, 0 answers, 3k views
Prevent Smart Card prompt when looking for Enrollment Certificate
I'm using an Enrollment Agent user certificate to amend CSRs (in order to add SANs)
My method is working fine - using the following command:
certreq -config "CertAuth" -policy "PathtoCSR" "Path to ...
0 votes, 1 answer, 129 views
How to view signatures fulfilling the "Authorized Signatures" option in a Smart Card Logon certificate from a Windows CA
I'm playing with the Windows Server CA role and Smart Card logons. We have a working PKI setup and smart card issuance/logon working. What I'm curious about is the "Require this number of authorized ...
5 votes, 0 answers, 1k views
Smart card error from Remote Desktop app
On Windows 10 there are two apps to remotely connect to another computer. One is old Remote Desktop Connection (mstsc.exe) and the other is modern Remote Desktop (RdClient.Windows.exe hidden somewhere ...
0 votes, 1 answer, 2k views
Office365 with AD FS Without Azure AD
This should be a simple question, but Microsoft's documentation isn't completely clear on the matter.
I may have a job coming up where I'll be setting up a new Windows Server 2016 Standard deployment ...
4 votes, 1 answer, 2k views
Encrypt/Decrypt filesystem container file with smartcard on linux
I want to encrypt and decrypt a file system container file with luks and a smartcard on debian linux.
The smartcard is a Nitrokey Start which is basically a compact smartcard in a usb reader.
I know ...
2 votes, 1 answer, 2k views
Smart Card Windows Auth without PIN
Does anyone know of a simple and secure method of logging into a Windows 10 domain PC without having to type ANYTHING?
I have remote workstations that I'd like to access using NVIDIA'S Gamestream ...
2 votes, 1 answer, 759 views
How to manage smartcards for Windows logon (inventory, certificates, expirations, etc.)?
We are implementing smartcards to comply with two-form authentication using the builtin support in Windows + AD, using YubiKeys and Gemalto .NET cards.
As an admin I can issue new certificates for ...
0 votes, 1 answer, 2k views
Windows Shared User Accounts with smart cards
I'm looking for a way to use smart cards to lock and unlock windows workstations used by shared user accounts.
1) We want to lock/unlock the shared user account with each user's personal staff card.
...
6 votes, 1 answer, 12k views
Joining AD domain with Windows 10 using smart card
My Windows "domain-centric" company has abruptly decided to make the switch from Windows 7 to Windows 10, and it has become my job to make their prepared image join our domain with our smart card/...
4 votes, 0 answers, 72 views
Why does RDS login screen vary by user and PC?
I have two identical Lenovo laptops running Windows 10 with all updates. Call them Left and Right. On the backend I have a domain controller and a Remote Desktop Server, both running Windows Server ...
0 votes, 1 answer, 6k views
pkcs11_lib - NSS Initialize Failed (bad database?)
I'm having trouble getting PKCS#11 and PAM to work, for whatever reason nss has stopped working and I can't create a new database.
Here's the output from PKCS11 and NSS:
DEBUG:pkcs11_lib.c:187: ...
3 votes, 2 answers, 73k views
Smartcard Logon: The domain specified is not available. Please try again later
I'm standing up a test lab.
Using AD CS, I've deployed a smartcard logon cert to an HID Crescendo C1150. When I attempt to log on to a WIN7 workstation with the smartcard, I'm greeted with:
The ...
1 vote, 1 answer, 1k views
Passwordless login: virtual smart card with no pin? [closed]
I would like to set up a domain-joined computer for passwordless login with some low-privileged domain account that is specific to that computer. I've seen some blog posts that store the username and ...
4 votes, 1 answer, 3k views
How can I tell which users credentials are cached on a local system?
I'm troubleshooting cached credentials on Windows 7, specifically Smart Card logins, and I would like to know how I can find out which users currently have their credentials cached on the machine.
I ...
5 votes, 1 answer, 4k views
Windows server 2012 R2 - delay before certificates start working
I have this weird unexplained delay before the certificates I put in my servers start actually working.
It goes something like this:
I add the certificates snap-in to mmc to manage the computer ...
2 votes, 1 answer, 264 views
How would one configure an IIS that has SSL and client certs functional, to show a warning page before logon
I have a web site that uses a CAC client certificate, which is functioning like it should.
The problem is, there's a requirement that the site regurgitate a message warning that it's a US Government ...
4 votes, 1 answer, 606 views
Smart Card S/MIME with Exchange 2013
I have an Exchange 2013 environment that I'm trying to implement S/MIME with smart cards. To the best of my knowledge, and the little help I have received on TechNet, I have configured my Exchange ...
0 votes, 2 answers, 2k views
Linux smart card authentication
I am using puttysc to authenticate to a remote Linux server with my smart card. But as I understand, this isn't true PKI authentication - puttysc just unlocks the public key and matches it to a user ...
1 vote, 2 answers, 3k views
Connecting to Server 2012 R2 using HP ThinPro (freeRDP), but smart card is not reading correctly
In preparation to deploy our new 2012R2 RD farm, we have updated our HP thin clients to ThinPro 5.0. They connect just fine using username/password, but when I try to use a smart card, I get the ...
6 votes, 3 answers, 47k views
Slow logon via Remote Desktop to Server 2012 and Smart Card service errors
When I logon my Server 2012 R2 server via Remote Desktop it sits at the logon screen for 10-20 seconds before logging me in. Once logged in I find the following three errors in the Windows System ...
0 votes, 0 answers, 966 views
Smart Card Logon & next hop SSO RDP Login
I started to experiment with smart card based login. So far I can log on to my local PC using my smart card.
What doesn't work is using SSO when connecting via RDP to another server. I get the error ...
1 vote, 1 answer, 695 views
Require smart cards for connections to Windows 2012 remote access server
We have a Windows 2012 server accepting VPN connections over SSTP and authenticating them using the Network Policy Server feature on the same server. For client authentication we've set it up to ...
5 votes, 1 answer, 3k views
How do I configure AD CS to support Name Constraints (4.2.1.11 in RFC 2459)?
I am trying to figure out how to do Qualified Subordination with the critical extension set, but I'm unable to figure out how to do this in MSFT AD CS.
For a given certificate, how do I make sure ...
1 vote, 0 answers, 7k views
KDC Certificate error using smartcard and Remote Desktop
Our Active Directory domain recently enforced smart card logons for administrator accounts. Since this change we have been unable to access some servers (2008 R2) using Remote Desktop. When attempting ...
1 vote, 0 answers, 981 views
Windows Server 2008 - Smart Card service is down
I'm getting this weird error when trying to work with a SmartCard on an ec2 machine running Windows Server 2008.
I'm using AnywhereUSB to connect my physical smart-card reader to the remote machine. ...
3 votes, 1 answer, 89 views
Windows users with smartcards using Lync Android app
We have a Windows network where users are required to log in using a smartcard instead of a password.
Is there a way of allowing our users to use the Android/iOS Lync app, even though they don't ...
2 votes, 1 answer, 860 views
Web Server with PKCS11 support for server certificates?
I have a PKCS#11-compatible smart card with either a private key, or a combination of a certificate and a private key on it (I can have both).
I want to present the certificate from the smart card to ...
0 votes, 0 answers, 419 views
Use server-side certificate from Smart Card in IIS
I have a Smart Card (actually a USB dongle, called a Feitian ePass2003) with a certificate and its accompanying private key on it, and I want to use this certificate to serve my SSL site in IIS.
To ...
2 votes, 1 answer, 2k views
Smartcard Sharepoint Password prompt
I work in an organization that uses smartcard login. Passwords are not be used.
When opening an attachment in Sharepoint, we are prompted with a username/password dialog. Clicking cancel will allow ...