Programs don’t use smart card on server

Forum / NoMachine Terminal Server Products / Programs don’t use smart card on server

Tagged: ,

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • June 27, 2022 at 14:34 #39024
    maiones
    Participant

    Hello again NoMachine!

    When I connect to Linux server from Windows client and then choose security module smart card the device is seen. Also when I input in console: pkcs11-tool –module /usr/NX/lib/libpkcs11.so -L

    I see this token but I can’t use it in system, programs don’t see that this smart card is connected.

    What should I do else or some thing did wrong with that connections?

    Attachments:

    1. 1103a000-7b70-484f-b490-3196c39cc974.jpeg

    2. 89e78aca-816b-4a6d-a700-1490db85f22c.jpeg

    3. f3c552ed-98d7-42d9-bb9f-07bf1007aa54.jpeg

    June 28, 2022 at 15:08 #39040
    Guro
    Contributor

    Hello.

    Please could you provide more detail about how you are using your smartcard in a NoMachine session, so we can understand the steps you are taking/have taken?

    What NoMachine product server side are you using? What type of session is it? Can you tell us the Linux distribution and version?

    programs don’t see that this smart card is connected

    Which programs exactly? Do these programs support the path set to the NoMachine pkcs11 module?

    July 22, 2022 at 21:42 #39402
    maiones
    Participant

    I am terribly sorry for late answer.
    I use a physical token in my computer on Win 10 use NoMachine Enterprise Client 7.10.2 then I connect to Alt Linux sp8 by NX protocol port 4000 (also the same thing with ssh 22) to use a NoMachine Enterprise Terminal Server-7.10.1. As a cryptoprovider we use from both side CryptoPro 5.0.12000. To test my container we try GUI interface CryptoPro and  console to check containers.
    And yes CryptoPro 5.0.12000 are support this module

    July 25, 2022 at 09:20 #39421
    Guro
    Contributor

    Hello

    Did you tried to read public key or certificate on server side after forward device?

    Could you run in session terminal command like:

    pkcs11-tool --module /usr/NX/lib/libpkcs11.so -l --read_object --type pubkey --id <key_id>

    to check accept to generated key pair or certificate.  Please send to us all error messages if they appear.

    July 27, 2022 at 10:56 #39460
    maiones
    Participant

    Hello!

    Yes, I tried to do this too

    I got this message after command

    Attachments:

    1. image_2022-07-27_125603619.png

    July 29, 2022 at 11:06 #39504
    Guro
    Contributor

    Logs from the NoMachine server would be useful as well. Please follow the instructions here: https://kb.nomachine.com/DT11R00182. You can send them directly to forum[at]nomachine[dot]com making sure to reference the title of your topic.

    I tried checking CryptoPro on the fly and the installed version does not contain module rtPKCS11ECP. Please could you also tell us the exact version and whether you are using the free version or a subscription of CryptoPro?

    Additionally would you be willing to run a NoMachine client debug package on your client host to get extended information from client side?

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)

This topic was marked as solved, you can't post.