Actually....no. It's much simpler than that. :)<br><br>The issue that I was having was getting rdesktop to work with my vista box. I have a smartcard reader connected to my linux machine and I wanted to be able to use it on the remote vista box as if it was native to that box. <br>
<br>Of course, if you download the latest version of rdesktop, it is supported natively (by supplying the "scard" argument). However, it simply wasn't working on my linux machine.<br><br>My solution wasn't very eloquent, but I refuse to devote too much more time to it than I have to until I actually have the time. Basically, what it came down to is that there were a couple of functions in the rdesktop scard module that were responsible for translating values between types. For whatever reason, the value that was always returned was always off. The logic in the code always returned (CORRECT_VALUE | 0x0001000) for whatever reason. So, in my rush for a workable solution, I modded the code locally, recompiled, and bam....I now have something that works ~85% of the time. Remember...I SAID it wasn't eloquent. :)<br>
<br>I think that the escd daemon doesn't like my mod very much. It's workable for now, though. If you have any better solutions, please let me know! :)<br><br> ~j<br>
<br><div class="gmail_quote">On Sun, Jun 28, 2009 at 10:07 PM, Bryan J. Smith <span dir="ltr"><<a href="mailto:b.j.smith@ieee.org">b.j.smith@ieee.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
From: Jason C. Miller <<a href="mailto:jason.c.miller@gmail.com">jason.c.miller@gmail.com</a>><br>
<div class="im"><br>
> Does anyone here have any experience using smart cards<br>
> over MS RDP with linux?<br>
<br>
</div>To what back-end? I assume Active Directory Services (ADS)?<br>
<br>
The problems are in the protocols, IPC (inter process communication)<br>
and other details. E.g., most of the time the client _must_ already<br>
be trusted by Active Directory.<br>
<br>
That means your Linux computer must be in the Active Directory Domain,<br>
or in a Kerberos realm with an Active Directory External Trust, etc...<br>
I.e., ADS tokens ~ Kerberos tickets, trusts setup between the two.<br>
Some of this is covered on MS Tech Net, although they do leave out a<br>
crapload of details -- especially on the SmartCard.<br>
<br>
This isn't just something you do overnight, let alone you _must_ have<br>
the support of your ADS administrators, because of the "trusts" involved.<br>
Either that or you have to purposely poison tickets/tokens at your<br>
keytabs and other things, which is likely an utter violation of security<br>
policy. ;)<br>
<br>
I find having more Microsoft credentials and 15+ years of NT experience<br>
(since 3.1) isn't enough to break through the typical attitudes of ADS<br>
administrators, who don't understand the first thing about how ADS works.<br>
"Oh, we don't support Linux" and "Oh, just make Linux work" [without a<br>
trust, which wouldn't work for any OS or Kerberos principal either]<br>
<br>
Or have you been delegated the rights to do this? E.g., they setup a<br>
domain in their forest explicitly for Linux clients and/or interfacing<br>
with a Kerberos realm (or possibly interchange with Red Hat Directory<br>
Server / Port386.org)?<br>
<br>
<br>
--<br>
<font color="#888888">Bryan J Smith Professional, Technical Annoyance<br>
<a href="mailto:b.j.smith@ieee.org">b.j.smith@ieee.org</a> <a href="http://www.linkedin.com/in/bjsmith" target="_blank">http://www.linkedin.com/in/bjsmith</a><br>
--------------------------------------------------------<br>
I don't have a "favorite Linux distro." I use, develop<br>
and support community efforts, often built around Linux.<br>
Technology and solutions are my focus, not dragging in<br>
assumptions, marketing and other concepts which dominate<br>
non-community developed software, which I left long ago.<br>
<br>
</font></blockquote></div><br>