On 1/12/2011 1:54 AM, francois.lebl...@cev-sa.com wrote:
>
> I don't try this, but trainee that make some tests and manage to start
> login,
>
> but server refuse the certificat (don't have exactly the cause).
>
> So I guess that opensc successfully start...
>
>
> The best way is to have a one build dll carmod.dll without need of
> external dll
>
> (libtool, etc...) and put it in system32.
>
>
You say the server refuses the certificate. The Windows login would
be to Active Directory using the Kerberos PKINIT protocols.
Have you setup AD to trust the CA that signed the certificate?
http://support.microsoft.com/kb/281245
See "Request a smart card certificate from the third-party CA."
that covers what must be in the certificate for it to work with login
and what changes are needed in the domain controller to accept
PKINIT.
To make testing easier, rather then login, you can also try:
runas /smartcard /user u...@doamin /netonly cmd.exe
This will test the smartcard and the PKINIT, and is a lot easier then
trying login, and easier to run a wireshark trace to see what is going
over the network.
--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
