neutrinolabs / xrdp

xrdp: an open source RDP server
http://www.xrdp.org/
Apache License 2.0

[Question] smart card support #993

Open choman opened 6 years ago

choman commented 6 years ago

Trying to follow along with a few issues #471 #963 (and others)

I am using CentOS 7.4 with xrdp 0.9.4. Is there any support for smart cards with this configuration? And if so, can someone please tell me how to turn it on for logins?

It seems support has been around since 0.8.0, hopefully with 0.9.4 I don't need to compile the "special" libpcsclite.so.

Or do I need to wait for 0.9.6 (or 1.0) for support to be there?

Thanks in advance,
Chad

x09 commented 6 years ago

I need smart card redirection too. I tried connecting:

xfreerdp /smartcard:'ACS ACR3901 ICC Reader 00 00' /v:xrdp-host /sec:rdp /u:user2
[17:41:59:879] [10970:10971] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[17:41:59:879] [10970:10971] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[17:41:59:889] [10970:10971] [WARN][com.freerdp.core.gcc] - Server uses non-advertised encryption method 0x00000000
[17:41:59:890] [10970:10971] [ERROR][com.winpr.timezone] - Unable to get current timezone rule
[17:41:59:892] [10970:10971] [INFO][com.freerdp.gdi] - Local framebuffer format  PIXEL_FORMAT_BGRX32
[17:41:59:892] [10970:10971] [INFO][com.freerdp.gdi] - Remote framebuffer format PIXEL_FORMAT_RGB16
[17:41:59:904] [10970:10971] [INFO][com.winpr.clipboard] - initialized POSIX local file subsystem
[17:41:59:906] [10970:10976] [INFO][com.freerdp.channels.rdpdr.client] - Loading device service smartcard [ACS ACR3901 ICC Reader 00 00] (static)
[17:42:03:075] [10970:10977] [ERROR][com.freerdp.channels.rdpsnd.client] - unknown msgType 39
[17:42:03:076] [10970:10976] [INFO][com.freerdp.channels.rdpdr.client] - registered device #1: SCARD (type=32 id=1)
[17:42:03:195] [10970:10976] [INFO][com.freerdp.channels.rdpdr.client] - registered device #1: SCARD (type=32 id=1)

In the xrdp session the smart card is not present.

cro commented 6 years ago

Data point, the official Microsoft RDP client for macOS now supports smart card redirection. This is the 10 series, not the older 8 series--you have to install it from the App Store explicitly. If you have the older version 8 you are not notified there is an update.

I haven't tried this against the devel branch of xrdp yet, maybe this weekend.

bogenchief2710 commented 3 years ago

Is there any configuration required in the configuration files xrdp.ini and sesman.ini for smartcard pass through?

cjbidwell commented 2 years ago

Did anything ever come of this? Still need to get CAC/Smart Card on xrdp working.

cro commented 2 years ago

I tried the devel branch and it did not work for me. Later on I gave up using my Yubikey when its hardware failed in the middle of a customer demo, so I haven't revisited it.

matt335672 commented 2 years ago

This is being worked on, but it's not there yet - have a look at #1825

spstarr commented 1 year ago

Ping on this, 2FA is becoming more and more required and should be for security. The xfreerdp/remmina clients have pcscd support currently.

What are the current remaining issues still to be sorted out?