Actually....no. It's much simpler than that. :)<br><br>The issue that I was having was getting rdesktop to work with my vista box. I have a smartcard reader connected to my linux machine and I wanted to be able to use it on the remote vista box as if it was native to that box.<br>
<br>Of course, if you download the latest version of rdesktop, it is supported natively (by supplying the "scard" argument). However, it simply wasn't working on my linux machine.<br><br>My solution wasn't very eloquent, but I refuse to devote too much more time to it than I have to until I actually have the time. Basically, what it came down to is that there were a couple of functions in the rdesktop scard module that were responsible for translating values between types. For whatever reason, the value that was always returned was always off. The logic in the code always returned (CORRECT_VALUE | 0x0001000) for whatever reason. So, in my rush for a workable solution, I modded the code locally, recompiled, and bam....I now have something that works ~85% of the time. Remember...I SAID it wasn't eloquent. :)<br>
<br>I think that the escd daemon doesn't like my mod very much. It's workable for now, though. If you have any better solutions, please let me know! :)<br><br>~j<br>
<br><div class="gmail_quote">On Sun, Jun 28, 2009 at 10:07 PM, Bryan J. Smith <span dir="ltr"><<a href="mailto:b.j.smith@ieee.org">b.j.smith@ieee.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
From: Jason C. Miller <<a href="mailto:jason.c.miller@gmail.com">jason.c.miller@gmail.com</a>><br>
<div class="im"><br>
> Does anyone here have any experience using smart cards<br>
> over MS RDP with linux?<br>
<br>
</div>To what back-end? I assume Active Directory Services (ADS)?<br>
<br>
The problems are in the protocols, IPC (inter process communication)<br>
and other details. E.g., most of the time the client _must_ already<br>
be trusted by Active Directory.<br>
<br>
That means your Linux computer must be in the Active Directory Domain,<br>
or in a Kerberos realm with an Active Directory External Trust, etc...<br>
I.e., ADS tokens ~ Kerberos tickets, trusts set up between the two.<br>
Some of this is covered on MS Tech Net, although they do leave out a<br>
crapload of details -- especially on the SmartCard.<br>
<br>
This isn't just something you do overnight, let alone you _must_ have<br>
the support of your ADS administrators, because of the "trusts" involved.<br>
Either that or you have to purposely poison tickets/tokens at your<br>
keytabs and other things, which is likely an utter violation of security<br>
policy. ;)<br>
<br>
I find having more Microsoft credentials and 15+ years of NT experience<br>
(since 3.1) isn't enough to break through the typical attitudes of ADS<br>
administrators, who don't understand the first thing about how ADS works.<br>
"Oh, we don't support Linux" and "Oh, just make Linux work" [without a<br>
trust, which wouldn't work for any OS or Kerberos principal either]<br>
<br>
Or have you been delegated the rights to do this? E.g., they set up a<br>
domain in their forest explicitly for Linux clients and/or interfacing<br>
with a Kerberos realm (or possibly interchange with Red Hat Directory<br>
Server / Port386.org)?<br>
<br>
<br>
--<br>
<font color="#888888">Bryan J Smith &nbsp; Professional, Technical Annoyance<br>
<a href="mailto:b.j.smith@ieee.org">b.j.smith@ieee.org</a> &nbsp; <a href="http://www.linkedin.com/in/bjsmith" target="_blank">http://www.linkedin.com/in/bjsmith</a><br>
--------------------------------------------------------<br>
I don't have a "favorite Linux distro." I use, develop<br>
and support community efforts, often built around Linux.<br>
Technology and solutions are my focus, not dragging in<br>
assumptions, marketing and other concepts which dominate<br>
non-community developed software, which I left long ago.<br>
<br>
</font></blockquote></div><br>