Smart Card Authentication and forwarding

Forums / NoMachine for Windows / Smart Card Authentication and forwarding

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #30860
    AvatarMacGP
    Participant

    Implementation:

    Servers: ESXi VMWare Win 10 x64 1909 VM running NoMachine Enterprise V6.10.12_1 and V7.0.208_4

     

    Clients: Win 10 x64 1909 running NoMachine Enterprise V6.11.2_1 and V7.0.208_5

     

    Requirements:

    1. Smart card authentication

    2. Smart card reader forwarding from client to host

     

    Issues:

    Audio install fails (-536870329)

    USB install fails (-1)

    Smart Card Auth fails

     

    I’ve checked out everything I can find in the forums and online but can’t seem to get this sorted out. I’ve uninstalled and re-installed numerous times. I’ve deployed a fresh Win 10 1909 VM with working audio and USB, but still can’t get NM to install properly. I’ve attached the device and install logs.

     

    Password based AD authentication hasn’t been an issue but our users require smart card auth as it’s their only means of authenticating. I’ve implemented a workaround as I haven’t been able to find much on how to configure NM to work with smart cards for Windows in an AD environment.

     

    USB and audio issues aside, if users can authenticate with AD using smart cards, what do I have to do to make it work with NM?

    #30880
    AvatarBilbotine
    Keymaster

    Hi MacGP,

    There was an error during the upload of logs. Can you please send them to forum[at]nomachine[dot]com, referencing the topic as subject ?

    Can you also explain us how you want to use that Smart Card Authentication (a step by step description would be nice), as we wonder if the USB will be needed, or not, do achieve what you want to.

    Thank you!

    #30890
    AvatarMacGP
    Participant

    Install and device logs have been emailed. Additionally, I’ve sent the failed connection logs for smart card authentication using NX and SSH protocols.

     

    Most users authenticate to the Windows AD Domain using their smart card, they insert their card into the reader and enter their pin.

    Smart card users do not have password authentication.

     

    Objective:

    1. Users insert their smart card into a USB card reader at their workstation.

    2. Users enter their pin at the logon prompt and are granted access to their Windows workstation.

    3. Users launch the NoMachine Enterprise Client and connect to the NoMachine Enterprise Server.

    4. Since users have no passwords, they must use a Smart Card to authenticate the remote connection.

    5. Once connected to the server, the user must then authenticate again into the domain on the server, hence the need for USB forwarding.

     

    I hope this provides some clarity into what I need to accomplish.

    Thanks for taking the time to help.

     

    #31240
    AvatarDawid.G
    Participant

    Hello,

    You may try something like this:

    1. Uninstall NoMachine

    2. Unregister “NoMachine USB Hub Filter” in Windows registry. You can find info about this following this link: https://www.nomachine.com/it/AR10K00732

    3. Reboot

    4. Install NoMachine

     

    I hope it helps.

    #31262
    AvatarMacGP
    Participant

    Thanks Dawid, I have come across that article and tried to follow all of the steps. It did not get me any closer to getting Smart Card Authentication or USB forwarding to work.

    #32048
    AvatarDawid.G
    Participant

    Is it ok if we’d send you a debug package in order to get more detailed logs?

    Please install if possible the package you’ll receive via e-mail and send us a client and the server logs you will acquire by following this article: https://www.nomachine.com/DT10O00163

    It would be also great if you’d send us Event logs from the “C:\Windows\System32\winevt\Logs” directory

    Thanks

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.