xrdp icon indicating copy to clipboard operation
xrdp copied to clipboard

Published 20 hours ago verified publisher icon neutrinolabs

[Question] smart card support

Open choman opened this issue 7 years ago • 7 comments

Trying to follow along with a few issues #471 #963 (and others)

I am using centOS 7.4 with xrdp .0.9.4, is there any support for smart cards with this configuration? And if so can someone please tell me how to turn it on for logins?

It seems support has been around since 0.8.0, hopefully with 0.9.4 I don't need to compile the "special" libpcsclite.so.

Or do I need to wait for 0.9.6 (or 1.0) for support to be there?

Thanks in advance Chad

choman avatar Jan 10 '18 19:01 choman

i need smart card redirection too. try connect

xfreerdp /smartcard:'ACS ACR3901 ICC Reader 00 00' /v:xrdp-host /sec:rdp /u:user2
[17:41:59:879] [10970:10971] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[17:41:59:879] [10970:10971] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[17:41:59:889] [10970:10971] [WARN][com.freerdp.core.gcc] - Server uses non-advertised encryption method 0x00000000
[17:41:59:890] [10970:10971] [ERROR][com.winpr.timezone] - Unable to get current timezone rule
[17:41:59:892] [10970:10971] [INFO][com.freerdp.gdi] - Local framebuffer format  PIXEL_FORMAT_BGRX32
[17:41:59:892] [10970:10971] [INFO][com.freerdp.gdi] - Remote framebuffer format PIXEL_FORMAT_RGB16
[17:41:59:904] [10970:10971] [INFO][com.winpr.clipboard] - initialized POSIX local file subsystem
[17:41:59:906] [10970:10976] [INFO][com.freerdp.channels.rdpdr.client] - Loading device service smartcard [ACS ACR3901 ICC Reader 00 00] (static)
[17:42:03:075] [10970:10977] [ERROR][com.freerdp.channels.rdpsnd.client] - unknown msgType 39
[17:42:03:076] [10970:10976] [INFO][com.freerdp.channels.rdpdr.client] - registered device #1: SCARD (type=32 id=1)
[17:42:03:195] [10970:10976] [INFO][com.freerdp.channels.rdpdr.client] - registered device #1: SCARD (type=32 id=1)

in xrdp session smart card not present..

x09 avatar Jan 30 '18 12:01 x09

Data point, the official Microsoft RDP client for macOS now supports smart card redirection. This is the 10 series, not the older 8 series--you have to install it from the App Store explicitly. If you have the older version 8 you are not notified there is an update.

I haven't tried this against the devel branch of xrdp yet, maybe this weekend.

cro avatar Feb 23 '18 18:02 cro

Is there any configuration required in the configuration files xrdp.ini and sesman.ini for smartcard pass through?

bogenchief2710 avatar May 15 '21 12:05 bogenchief2710

Did anything ever come of this? Still need to get CAC/Smart Card on xrdp working.

cjbidwell avatar Jul 29 '21 17:07 cjbidwell

I tried the devel branch and it did not work for me. Later on I gave up using my Yubikey when its hardware failed in the middle of a customer demo, so I haven't revisited it.

cro avatar Jul 29 '21 17:07 cro

This is being worked on, but it's not there yet - have a look at #1825

matt335672 avatar Jul 30 '21 12:07 matt335672